i'm trying to port an old perl project ( which was essentially
middleware for the mod_perl environment ) to Pyramid/WSGI
The basic premise is that it:
- migrates the x-fowraded-for header into remote-addr
- but only from accepted servers by ip
- but only from accepted servers with a lan secret
On Fri, 2011-03-04 at 09:45 -0800, Jonathan Vanasco wrote:
i'm trying to port an old perl project ( which was essentially
middleware for the mod_perl environment ) to Pyramid/WSGI
The basic premise is that it:
- migrates the x-fowraded-for header into remote-addr
- but only from accepted
thanks. the accepted ips don't need to be db based. the notion is
that you can trivially ensure that a request is through your gateway
and doesn't have spoofed headers if the application recognizes both a
the ip of the server and a secret that only those ips would know.
for example, you would
Sounds really simple. One of the paster middlewares (prefix?) does the
X-Remote-Addr translation already IIRC, but it is only 2 lines of code. Use
the ipaddr library to match subnets. See
http://pythonpaste.org/deploy/#paste-filter-factory for how you can make
your middleware compatible with