REGEXVAULTv2.0
Identity & PII/Digital Identity
Verified Safe

IPv4 Address (as PII identifier) Regex for Go

/^(?:(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])$/

What this pattern does

This page provides a comprehensive, battle-tested regular expression for matching ipv4 address (as pii identifier), ported and verified for Go. Identity and credential patterns need both correctness and safety, since they're frequent targets for adversarial input. The snippet below is ready to drop into your Go project — whether you're validating in a Gin handler, a gRPC service, or a command-line tool.

Go Implementation

Go
// IPv4 Address (as PII identifier)
// ReDoS-safe | RegexVault — Identity & PII > Digital Identity

package validation

import "regexp"

var ipv4AddressAsPiiIdentifierRe = regexp.MustCompile(`^(?:(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])$`)

func ValidateIpv4AddressAsPiiIdentifier(s string) bool {
    return ipv4AddressAsPiiIdentifierRe.MatchString(s)
}

// Example
// fmt.Println(ValidateIpv4AddressAsPiiIdentifier("192.168.1.1")) // true

Test Cases

Matches (Valid)
Rejects (Invalid)
192.168.1.1192.168.1.256
10.0.0.1192.168.1
8.8.8.8192.168.1.1.1
255.255.255.255192.168.01.1
0.0.0.0

When to use this pattern

This pattern is drawn from the Identity & PII > Digital Identity category and carries a ReDoS-safe certification. That matters for Go developers because Go's RE2 engine is inherently safe from catastrophic backtracking, but this pattern has been additionally verified for correctness. RegexVault audits patterns against known backtracking attack vectors, ensuring you have the necessary context before using this regex in a high-stakes production environment.

Common Pitfalls

Anonymizing IPs by zeroing the last octet (192.168.1.0 from 192.168.1.50) is a common technique for analytics. GDPR Article 25 (Privacy by Design) recommends this for non-essential logging.

Technical Notes

Under GDPR (C-582/14, Breyer v Germany), IP addresses can constitute personal data when the controller has the legal means to identify the individual. Dynamic IPs assigned by ISPs are personal data. Log files containing IP addresses must comply with GDPR retention requirements.

Have a pattern that belongs in the vault?

Submit it for review — community-verified patterns get credited to your GitHub handle. Free submissions join the queue. Priority review available for $15.

Submit a Pattern