Re: #27485 new New feature Allow ALLOWED_HOSTS to accept an IP-range / wildcard

[Tobias McNulty]

There is a non-development use case here, which is being able to accept the
IP range for a subnet used in an EC2 VPC (used by load balancers for health
checks). Sure, I could iterate through all the potential IPs and add
them, divine
a way

to (maybe) discover it via the socket module, or make an HTTP request to
retrieve it from the EC2 meta data API, but this seems like another time
when being concise and explicit about the allowed IPs/subnets (without
requiring a network call from settings.py) would be helpful. Using the
established convention of subnets rather than wildcards would be preferred,
IMHO.

Tobias

On Wed, Nov 23, 2016 at 11:40 AM, 'Tom Evans' via Django developers
(Contributions to Django itself)  wrote:

> On Sat, Nov 19, 2016 at 1:01 AM, Florian Apolloner
>  wrote:
> > On Thursday, November 17, 2016 at 5:07:07 PM UTC+1, Tom Evans wrote:
> >>
> >> Or:
> >>   from socket import gethostname, gethostbyname
> >>   ALLOWED_HOSTS = [ gethostname(), gethostbyname(gethostname()), ]
> >
> >
> > That a) adds your hostname and b) (assuming you properly configured your
> > system) 127.0.0.1  -- so as long as they are using 192.* to access the
> site,
> > this does not help.
>
> Our servers are configured such that "localhost" resolves to
> 127.0.0.1, and the hostname resolves to the local IP of the server.
>
> I don't think our servers are in any way misconfigured, or configured
> in a "special" manner - my laptop is configured in precisely the same
> manner out of the box.
>
> The offered solution works correctly on all of our development and
> production servers, and also on our developers local machines running
> various versions of Linux.
>
> Cheers
>
> Tom
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers  (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-developers/CAFHbX1K_1dCLrMQm4cy0u1i1cnEzLJV%2Bb_1-
> p9n58ERV7%3Dghvg%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 


*Tobias McNulty*Chief Executive Officer

tob...@caktusgroup.com
www.caktusgroup.com

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAMGFDKRa3AkU18jCTtyO-XFmm%2BeQBWjTHuOQXegC%2ByNMPB%3D0Xg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: #27485 new New feature Allow ALLOWED_HOSTS to accept an IP-range / wildcard

['Tom Evans' via Django developers (Contributions to Django itself)]

On Sat, Nov 19, 2016 at 1:01 AM, Florian Apolloner
 wrote:
> On Thursday, November 17, 2016 at 5:07:07 PM UTC+1, Tom Evans wrote:
>>
>> Or:
>>   from socket import gethostname, gethostbyname
>>   ALLOWED_HOSTS = [ gethostname(), gethostbyname(gethostname()), ]
>
>
> That a) adds your hostname and b) (assuming you properly configured your
> system) 127.0.0.1  -- so as long as they are using 192.* to access the site,
> this does not help.

Our servers are configured such that "localhost" resolves to
127.0.0.1, and the hostname resolves to the local IP of the server.

I don't think our servers are in any way misconfigured, or configured
in a "special" manner - my laptop is configured in precisely the same
manner out of the box.

The offered solution works correctly on all of our development and
production servers, and also on our developers local machines running
various versions of Linux.

Cheers

Tom

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAFHbX1K_1dCLrMQm4cy0u1i1cnEzLJV%2Bb_1-p9n58ERV7%3Dghvg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: #27485 new New feature Allow ALLOWED_HOSTS to accept an IP-range / wildcard

[Florian Apolloner]

On Thursday, November 17, 2016 at 5:07:07 PM UTC+1, Tom Evans wrote:
>
> Or: 
>   from socket import gethostname, gethostbyname 
>   ALLOWED_HOSTS = [ gethostname(), gethostbyname(gethostname()), ] 
>

That a) adds your hostname and b) (assuming you properly configured your 
system) 127.0.0.1  -- so as long as they are using 192.* to access the 
site, this does not help.

Cheers,
Florian

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/adc6c41b-b8fc-4e2e-a6cc-f8074408481a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: #27485 new New feature Allow ALLOWED_HOSTS to accept an IP-range / wildcard

[Thomas Turner]

Thank you all. I will have a look to see if I can do it without patching.

Tom

On Thursday, November 17, 2016 at 12:42:56 AM UTC, Thomas Turner wrote:
>
> Hi
>
> The other day I raise a ticket to do with ALLOWED_HOSTS and it was 
> suggested that I post on this group before creating a patch
> The ticket is https://code.djangoproject.com/ticket/27485
>
> The problem
>
> Now that Django 1.10.3 forces ALLOWED_HOSTS on with debug I have a problem.
> The problem is that when I developing I use an ip-address range of 
> 192.168.1.*. 
> The Ip-address can change depending on the computer I use.
> so I required the ability to add wildcard partly in an hostname.
> ie 
> ALLOWED_HOSTS = ['192.168.1.*', '.mydomain.com']
> I have seen this solution that doesn't require Django to be changed 
> however I don't like it as I feel this could be a security issue
> ​
> http://stackoverflow.com/questions/37031749/django-allowed-hosts-ips-range
>
> I happy to do a patch for this. What do people think?
>
> Tom
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/b5acf0e5-5114-4346-8cd3-75e3946c973d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: #27485 new New feature Allow ALLOWED_HOSTS to accept an IP-range / wildcard

['Tom Evans' via Django developers (Contributions to Django itself)]

On Wed, Nov 16, 2016 at 10:29 PM, Thomas Turner  wrote:
> Hi
>
> The other day I raise a ticket to do with ALLOWED_HOSTS and it was suggested
> that I post on this group before creating a patch
> The ticket is https://code.djangoproject.com/ticket/27485
>
> The problem
>
> Now that Django 1.10.3 forces ALLOWED_HOSTS on with debug I have a problem.
> The problem is that when I developing I use an ip-address range of
> 192.168.1.*.
> The Ip-address can change depending on the computer I use.
> so I required the ability to add wildcard partly in an hostname.
> ie
> ALLOWED_HOSTS = ['192.168.1.*', '.mydomain.com']

Or:
  from socket import gethostname, gethostbyname
  ALLOWED_HOSTS = [ gethostname(), gethostbyname(gethostname()), ]

?

Cheers

Tom

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAFHbX1LndZK4DR7Lvqd3YeOBJoT33PpnGW-Vr84mF%3Ds1zdTQFQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: #27485 new New feature Allow ALLOWED_HOSTS to accept an IP-range / wildcard

[Aymeric Augustin]

Hello,

If changes are made in this direction, allowing ip address and ip network 
objects in addition to strings would likely be the best API: 
https://docs.python.org/3/library/ipaddress.html#ipaddress.ip_network 


That module is new in Python 3 but since Django is on the verge of dropping 
support for Python 2, the fancy new toys are available now :-)

-- 
Aymeric.

> On 16 Nov 2016, at 23:29, Thomas Turner  wrote:
> 
> Hi
> 
> The other day I raise a ticket to do with ALLOWED_HOSTS and it was suggested 
> that I post on this group before creating a patch
> The ticket is https://code.djangoproject.com/ticket/27485 
> 
> 
> The problem
> 
> Now that Django 1.10.3 forces ALLOWED_HOSTS on with debug I have a problem.
> The problem is that when I developing I use an ip-address range of 
> 192.168.1.*. 
> The Ip-address can change depending on the computer I use.
> so I required the ability to add wildcard partly in an hostname.
> ie 
> ALLOWED_HOSTS = ['192.168.1.*', '.mydomain.com']
> I have seen this solution that doesn't require Django to be changed however I 
> don't like it as I feel this could be a security issue
> ​http://stackoverflow.com/questions/37031749/django-allowed-hosts-ips-range
> 
> I happy to do a patch for this. What do people think?
> 
> Tom
> 
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-developers+unsubscr...@googlegroups.com 
> .
> To post to this group, send email to django-developers@googlegroups.com 
> .
> Visit this group at https://groups.google.com/group/django-developers 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-developers/7c03baf9-8d87-4716-be66-f6a642721a77%40googlegroups.com
>  
> .
> For more options, visit https://groups.google.com/d/optout 
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/C401E4F8-F86A-4AD7-A70C-BBB7FE6C8E03%40polytechnique.org.
For more options, visit https://groups.google.com/d/optout.

Re: #27485 new New feature Allow ALLOWED_HOSTS to accept an IP-range / wildcard

[Raphaël Barrois]

On Wed, 16 Nov 2016 20:32:34 -0800 (PST)
Yo-Yo Ma  wrote:

> I'm not a fan of adding more complexity, for a couple reasons:
> 
> 1) you have the ['*'] option for local / office development
> 2) you can just add a record to /etc/hosts to point to the server and then 
> use a name like e.g., local-office - just
> update the record to point to whatever IP you're using st the time
> 

Since settings are Python code, you could also do the following:

ALLOWED_HOSTS = ['.mydomain.com'] + ['192.168.1.%d' % i for i in range(256)]

With this flexibility in mind, I don't think increasing the amount of wildcard 
options is required ;)

-- 
Raphaël

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/20161117093831.28cc1cd2%40ithor.polyconseil.fr.
For more options, visit https://groups.google.com/d/optout.

#27485 new New feature Allow ALLOWED_HOSTS to accept an IP-range / wildcard

[Yo-Yo Ma]

I'm not a fan of adding more complexity, for a couple reasons:

1) you have the ['*'] option for local / office development
2) you can just add a record to /etc/hosts to point to the server and then use 
a name like e.g., local-office - just update the record to point to whatever IP 
you're using st the time

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/c0d5c95a-b978-434f-9ce7-0964cbedae31%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

#27485 new New feature Allow ALLOWED_HOSTS to accept an IP-range / wildcard

[Thomas Turner]

Hi

The other day I raise a ticket to do with ALLOWED_HOSTS and it was 
suggested that I post on this group before creating a patch
The ticket is https://code.djangoproject.com/ticket/27485

The problem

Now that Django 1.10.3 forces ALLOWED_HOSTS on with debug I have a problem.
The problem is that when I developing I use an ip-address range of 
192.168.1.*. 
The Ip-address can change depending on the computer I use.
so I required the ability to add wildcard partly in an hostname.
ie 
ALLOWED_HOSTS = ['192.168.1.*', '.mydomain.com']
I have seen this solution that doesn't require Django to be changed however 
I don't like it as I feel this could be a security issue
​http://stackoverflow.com/questions/37031749/django-allowed-hosts-ips-range

I happy to do a patch for this. What do people think?

Tom



-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/7c03baf9-8d87-4716-be66-f6a642721a77%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.