Skip to content

Get the real REMOTE_ADDR when running django behind a loadbalancer

License

Notifications You must be signed in to change notification settings

zsoldosp/django-httpxforwardedfor

Repository files navigation

django-httpxforwardedfor

https://travis-ci.org/PaesslerAG/django-httpxforwardedfor.svg?branch=master

Set request.META['REMOTE_ADDR'] from request.META['HTTP_X_FORWARDED_FOR']


Install django-httpxforwardedfor:

pip install django-httpxforwardedfor

Configure it in the settings of your django project:

# Make sure it is at the beginning of the list of middle-ware classes.
# Only other middle-ware classes working on the remote address should
# precede it.
MIDDLEWARE = [
    'httpxforwardedfor.middleware.HttpXForwardedForMiddleware',
] + MIDDLEWARE

# Only allow HTTP_X_FORWARDED_FOR, if the request is marked as secure.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

# To only allow change of the REMOTE_ADDR for requests via HTTPS.
# The default is to allow all requests.
TRUST_ONLY_HTTPS_PROXY = True
  • 0.3.1 - dropping support for Python 3.4 as it ran into EOL in March19
  • 0.3.0 - update supported versions according to https://www.djangoproject.com/download/#supported-versions and https://devguide.python.org/#status-of-python-branches
    • dropping support for Django 1.10 and Python 3.2 and 3.3
    • adding support for Python 3.7
    • adding support for Django 2.0
    • adding support for Django 2.1
  • 0.2.0 - futureproof release
    • adapt to new middleware format of django 1.10+
    • drop support for python 3.3, django < 1.10
  • 0.1.2 - initial release
    • supports Django 1.8, 1.9, 1.10, 1.11 on python 2.7, 3.3, 3.4, 3.5, and 3.6 - as per the official django docs
    • configuration to activate forwarding of header only for safe requests and trusting only https requests in general.

As an open source project, we welcome contributions.

The code lives on github.

Please open an issue on github or provide a pull request whether for code or for the documentation.

For non-trivial changes, we kindly ask you to open an issue, as it might be rejected. However, if the diff of a pull request better illustrates the point, feel free to make it a pull request anyway.

  • for code changes
    • it must have tests covering the change. You might be asked to cover missing scenarios
    • the latest flake8 will be run and shouldn't produce any warning
    • if the change is significant enough, documentation has to be provided
sudo apt-get -y install software-properties-common
sudo add-apt-repository ppa:fkrull/deadsnakes
sudo apt-get update
for version in 3.5 3.6 3.7; do
  py=python$version
  sudo apt-get -y install ${py} ${py}-dev
done

As it is a Django extension, it follows Django's own Code of Conduct. As there is no mailing list yet, please just email one of the main authors (see setup.py file or github contributors)

About

Get the real REMOTE_ADDR when running django behind a loadbalancer

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published