Hey all,

As a New Year's gift, I have just released a beta version of waitress 1.2.0. 
Hopefully, with a bit of luck, this will be the only beta release, with minimal 
or no changes, and 1.2.0 should follow shortly.

This release has some major changes to the proxy handling in Waitress, which 
will be of note for those of you that use Waitress behind a reverse proxy such 
as NGINX/HAProxy/Apache or others.

Waitress is now able to manipulate and change the WSGI environment to match 
what the proxy headers are sending, and has full support for the new Forwarded 

Documentation is available here: 

Please note that in the future Waitress is going to be more secure by default, 
and will strip known proxy headers before forwarding them on in the WSGI 
environ to help protect WSGI applications from accidentally using 
attacker-provided proxy headers and their values.

Waitress will warn if you don't explicitly opt-in to the following:

If trusted_proxy is set, trusted_proxy_headers should be set to the values you 
explicitly want Waitress to use (and are known valid from an upstream proxy), 
and clear_untrusted_proxy_headers should be set to either True or False. See 
<https://docs.pylonsproject.org/projects/waitress/en/latest/arguments.html> for 
more information on what these knobs are and valid values.

I am hoping to get some feedback from testing. If you can, deploy this and 
remove any middleware you may have that is manipulating the environ, and test 
whether waitress matches expectations.


pip install waitress==1.2.0b1

Thank you,
Bert JW Regeer
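
The header stripping described in the message above, as an added example that is not part of the original post and is not Waitress source code: a simplified model in which a proxy header survives only if the direct peer is the trusted proxy and the header was explicitly listed. The function names, addresses and sample requests are constructed for illustration, and the model only strips headers; it does not rewrite the environ from the trusted values as Waitress does.

```python
# Simplified model of proxy-header stripping; NOT Waitress source code.
# Header list, helper names and sample addresses are assumptions/constructed.
PROXY_HEADERS = {
    "forwarded", "x-forwarded-for", "x-forwarded-host",
    "x-forwarded-proto", "x-forwarded-port", "x-forwarded-by",
}

def environ_key(header):
    """WSGI environ key for an HTTP header name."""
    return "HTTP_" + header.upper().replace("-", "_")

def filter_proxy_headers(environ, trusted_proxy, trusted_proxy_headers,
                         clear_untrusted_proxy_headers=True):
    """Return a copy of environ with untrusted proxy headers removed.

    A proxy header is kept only when the direct peer (REMOTE_ADDR) is the
    trusted proxy AND the header is listed in trusted_proxy_headers.
    """
    peer_trusted = (trusted_proxy is not None
                    and environ.get("REMOTE_ADDR") == trusted_proxy)
    allowed = {h.lower() for h in trusted_proxy_headers} if peer_trusted else set()
    cleaned = dict(environ)  # never mutate the caller's environ
    if clear_untrusted_proxy_headers:
        for header in PROXY_HEADERS - allowed:
            cleaned.pop(environ_key(header), None)
    return cleaned

def client_ip(environ):
    """What a naive application does: believe X-Forwarded-For if present."""
    xff = environ.get("HTTP_X_FORWARDED_FOR")
    return xff.split(",")[0].strip() if xff else environ["REMOTE_ADDR"]

# Constructed request that bypasses the proxy and forges its own header.
DIRECT = {"REMOTE_ADDR": "203.0.113.7", "HTTP_X_FORWARDED_FOR": "127.0.0.1"}
# Constructed request relayed by the trusted proxy at 10.0.0.5; the
# X-Forwarded-Host header is not one the operator opted in to.
VIA_PROXY = {"REMOTE_ADDR": "10.0.0.5",
             "HTTP_X_FORWARDED_FOR": "198.51.100.23",
             "HTTP_X_FORWARDED_HOST": "unexpected.example"}

if __name__ == "__main__":
    for name, env in (("direct", DIRECT), ("via proxy", VIA_PROXY)):
        for clear in (False, True):
            out = filter_proxy_headers(env, "10.0.0.5", {"x-forwarded-for"}, clear)
            print(f"{name:9} clear={clear!s:5} app sees client {client_ip(out)}")
```

With clearing off, the application sees the forged 127.0.0.1 for the direct request; with clearing on, it falls back to the real peer address.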
