Andreas Jung wrote:
> Hi there,
> I have repoze.bfg app listening (started using paster serve).
> What is the best practice for restricting access to the server to a
> number of IP addresses other than through a firewall.  Is there
> some WSGI middleware doing the filtering? I think writing a WSGI filter
> would not be too hard but how to configure this with the server.ini?
> Just looking for the missing link.

I guess it depends what granularity of access you want different kinds of 
people to have.

If you just want anyone from any network other than X.X.X.X/255 to be rejected 
by the system when they attempt to access port XXX, this is probably best done 
at the system level (firewall).

If you want to be able to identify two or more sets of people based on their IP 
address, and give the sets different system access levels, I might write a BFG 
authentication policy based on the repoze.who plugin that lives at ... or just use 
repoze.who and the BFG repoze.who authentication policy.  See

- C

Repoze-dev mailing list

Reply via email to