What does the IPv4 in URL Context (http/https) regex match?

Matches an HTTP or HTTPS URL where the host is an IPv4 address, with optional port and path.

Is the IPv4 in URL Context (http/https) regex ReDoS-safe?

Yes. Manually audited and tested against ReDoS attack strings. Anchors and possessive-style constraints prevent runaway backtracking paths.

Web & Network/IPv4

Verified Safe

IPv4 in URL Context (http/https) Regex for JavaScript

/^https?://(?:(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])(?::(?:6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{0,3}))?(?:/[^\s]*)?$/i

What this pattern does

This page provides a comprehensive, battle-tested regular expression for matching ipv4 in url context (http/https), ported and verified for JavaScript. A rigorously tested regex reduces debugging time and protects your application from edge-case failures. The snippet below is ready to drop into your JavaScript project — whether you're validating in an Express middleware, a Next.js API route, or a client-side form.

Javascript Implementation

Javascript

// IPv4 in URL Context (http/https)
// ReDoS-safe | RegexVault — Web & Network > IPv4

const ipv4InUrlContextHttphttpsRegex = /^https?:\/\/(?:(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])(?::(?:6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{0,3}))?(?:\/[^\s]*)?$/i;

function validateIpv4InUrlContextHttphttps(input: string): boolean {
  return ipv4InUrlContextHttphttpsRegex.test(input);
}

// Example
console.log(validateIpv4InUrlContextHttphttps("http://192.168.1.1")); // true

Test Cases

Matches (Valid)	Rejects (Invalid)
`http://192.168.1.1`	`http://256.0.0.1`
`https://10.0.0.1:8443/api/v1`	`ftp://192.168.1.1`
`http://127.0.0.1/index.html`	`http://192.168.1`
`https://8.8.8.8:53`	`192.168.1.1/path`
`http://0.0.0.0/`	`http://192.168.1.1:99999/path`

When to use this pattern

This pattern is drawn from the Web & Network > IPv4 category and carries a ReDoS-safe certification. That matters for JavaScript developers because especially critical in long-running Node.js event loops where a ReDoS vulnerability can block the entire process. RegexVault audits patterns against known backtracking attack vectors, ensuring you have the necessary context before using this regex in a high-stakes production environment.

Common Pitfalls

Do not use (.+) or (.*) for the path — use [^\s]* or a more specific character class to avoid catastrophic backtracking.

Technical Notes

The i flag makes the scheme case-insensitive (HTTP and HTTPS are valid). Path component uses [^\s]* which is bounded by whitespace, not by content — safe against ReDoS.

Have a pattern that belongs in the vault?

Submit it for review — community-verified patterns get credited to your GitHub handle. Free submissions join the queue. Priority review available for $15.

Submit a Pattern