you can do: @auth.requires(lambda: IS_IPV4()(request.client)[1])
works behind a proxy if the proxy uses HTTP_X_FORWARDED_FOR but it can be spoofed @auth.requires(lambda: IS_IPV4()(request.addr)[1]) does not work behind a proxy and cannot be spoofed. Massimo On Jul 23, 5:36 am, Fran <[email protected]> wrote: > On Jul 23, 10:36 am, AchipA <[email protected]> wrote: > > > I wished we had a sort of standardized way of having a > > @local_only or @auth.ip_in(...) decorator of sorts > > I like it :) > - perhaps reusing the IS_IPV4 validator code > > Not sure it would work through proxies though... > > > (maybe we already do?). > > No - just the template at the top of appadmin.py... > > F --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
