#3872: Bug in SetRemoteAddrFromForwardedFor middleware
----------------------------------------+-----------------------------------
Reporter: Simon Willison | Owner: gregorth
Status: closed | Milestone:
Component: Core framework | Version: SVN
Resolution: fixed | Keywords: middleware
Stage: Ready for checkin | Has_patch: 1
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
----------------------------------------+-----------------------------------
Comment (by JohnMoylan):
Maybe the issue is a documentation problem. I had mistakenly assumed that
this middleware was for use when you have a django app sitting behind a
reverse proxy. In such a settup you have to use the X-Forwarded-For last
IP that is before your own reverse proxy ip as the remote-ip.
If you want to try and get the original Client IP -
real_ip.split(",")[0].strip() then the current code is probably a good
attempt but in real world situations may not be as useful as just getting
the last proxy IP address because it will be more prone to issues with
proxy anonomizers or caches set up to strip X-Forwarded-For .
--
Ticket URL: <http://code.djangoproject.com/ticket/3872#comment:11>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
