Jeff Watkins wrote:
Jorge Godoy wrote:
Maybe it is time to make some pressure on Jeff and ask him to improve
identity
with some kind of IP checking and then we could allow only
connections from
localhost :-) (Just kidding, Jeff!)
You mean like the IP checking that already exists in Identity? Check
out from_host and from_any_host. They allow you to specify addresses
using masks: 10.0.0.0/24 would allow 10.0.0.1 - 10.0.0.255.
I pinched the original code from Catwalk.
One thing that I think both Catwalk and Identity are probably missing is
proxy support. If you just use the REMOTE_ADDR environment variable,
all proxied requests appear to come from 127.0.0.1 rather than the real
remote IP. What I usually do is check to see if the environment
variable HTTP_X_FORWARDED_FOR is set and if so, use that, otherwise use
REMOTE_ADDR:
remote_addr = os.environ.get('HTTP_X_FORWARDED_FOR,
os.environ.get('REMOTE_ADDR', ''))
Regards,
Cliff
