[web2py] Re: bug in rewrite.py ?

Sat, 05 Oct 2013 11:48:25 -0700 


>
> How you explain that gunicorn is listening on port 80 when after 
> starting it, it reports e.g.: 
>
>
are you sure that is the only one gunicorn instance running in your env ? 
if yes, do you access web2py using 127.0.0.1:62019 ?
if remote_port is set to 62019, then the instance you're accessing is the 
right one. If it's instead 80, something else is running web2py that 
reports remote_port as 80. 

> BTW, you may be missing that all of this is OUTSIDE the things that 
> > web2py can manage: those headers are sent by your frontend and 
> > there's nothing web2py can do about it, except treat them as 
> > parameters. 
>
> I dont't get it... 
>
> HTTP_X_FORWARDED_PORT        :         
> 443 
> HTTP_X_FORWARDED_PROTO        :         
> https 
> HTTP_X_FORWARDED_PROTOCOL        :         
> https 
>
> and server port is set to 80? How? 
>
>
web2py looks for remote_port to look for the parameters_xxx.py file, not 
http_x_forwarded port.
What does inspect and "trust" is instead http_x_forwarded_proto to tell if 
the request is an https one (meaning that even if the "lowest-middleware" 
is not doing any SSL secured transmission, if there is that header it means 
that on the layers on top (probably nginx in your setup) the connection is 
secure). This is a pretty standard behaviour in any piece of software 
working on reverse proxies because there is no other way for the "lower 
tiers" to know if the connection is secured or not from the "upper tiers".
 
the relevant piece of code is

HTTPS_SCHEMES = set(('https', 'HTTPS'))
.....
request.is_https = env.wsgi_url_scheme in HTTPS_SCHEMES or \
                        request.env.http_x_forwarded_proto in HTTPS_SCHEMES 
\
                        or env.https == 'on' 

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to