Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document how to override IP address (e.g. for reverse proxy) #56

Open
davidhalter opened this issue Aug 31, 2016 · 6 comments
Open

Document how to override IP address (e.g. for reverse proxy) #56

davidhalter opened this issue Aug 31, 2016 · 6 comments
Labels
missing documentation

Comments

@davidhalter
Copy link

When working with a reverse proxy in front of Django, request.META.get('REMOTE_ADDR', '') might not be set correctly. This is something that could easily be avoided by using e.g. django-ipware:

ipware.ip.get_ip(request)

This would unfortunately add a new requirement to django-user-sessions, but fix some issues in this project.

Happy to create a pull request if you want!
@Bouke
Copy link
Collaborator

Bouke commented Sep 21, 2016

Hi @davidhalter. It might work for your situation, but not in general. Please refer to the explanation given in #12, #34 and #35 on why that is a bad idea.

@Bouke Bouke closed this as completed Sep 21, 2016
@davidhalter
Copy link
Author

I can understand the reasoning. However I think in this case you should provide a way to configure a function that returns the IP address.

@Bouke
Copy link
Collaborator

Bouke commented Sep 25, 2016

There is already a way to provide the correct IP address. For example I use the following middleware on heroku:

class SetRemoteAddrFromForwardedFor(object):
    def process_request(self, request):
        try:
            real_ip = request.META['HTTP_X_FORWARDED_FOR']
        except KeyError:
            pass
        else:
            # HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs.
            # Take just the first one.
            real_ip = real_ip.split(",")[0]
            request.META['REMOTE_ADDR'] = real_ip

However it might be good to include such information in the documentation.

@Bouke Bouke reopened this Sep 25, 2016
@Bouke Bouke changed the title Wrong IP in a session Document how to override IP address (e.g. for reverse proxy) Sep 25, 2016
@davidhalter
Copy link
Author

I'm using something similar. However this is IMO not how configuration management should be working. IMO the function to get the IP should be configurable, receive a request object, and return an IP.

@snoepkast
Copy link

I came here looking for this exact solution. Your middleware code looks good and I will implement it. However given the answer in this stack overflow, you might want to consider using the last ip address in x-forwarded-for instead of the first, at least on heroku.

@Bouke
Copy link
Collaborator

Bouke commented Jun 27, 2017

@snoepkast thanks for the information, the snippet should indeed be updated. This is also a great example on why this package doesn't consider X-Forwarded-For headers. Every platform is different and this particular header is implementation specific.

@Bouke Bouke mentioned this issue Jun 21, 2020
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
missing documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Bouke @davidhalter @snoepkast