Hi there, There doesn't appear to be a way to get the client's IP address from the request. Zope 2 has a getClientAddr() on the request object that uses _client_addr, which gets created like this:
if environ.has_key('REMOTE_ADDR'): self._client_addr = environ['REMOTE_ADDR'] if (environ.has_key('HTTP_X_FORWARDED_FOR') and self._client_addr in trusted_proxies): # REMOTE_ADDR is one of our trusted local proxies. Not # really very remote at all. # The proxy can tell us the IP of the real remote client in # the forwarded-for header self._client_addr = environ[ 'HTTP_X_FORWARDED_FOR'].split(',')[-1].strip() else: self._client_addr = '' # The trusted_proxies configuration setting contains a sequence # of front-end proxies that are trusted to supply an accurate # X_FORWARDED_FOR header. If REMOTE_ADDR is one of the values in # this list and it has set an X_FORWARDED_FOR header, ZPublisher # copies REMOTE_ADDR into X_FORWARDED_BY, and the last element of # the X_FORWARDED_FOR list into REMOTE_ADDR. X_FORWARDED_FOR is # left unchanged. The ZConfig machinery may sets this attribute # on initialization if any trusted-proxies are defined in the # configuration file. trusted_proxies = [] Would it be valuable to have equivalent machinery in Zope 3? I would like to retrieve the IP address and it'd be nice if it worked with proxies. Porting this code to Zope 3 sounds possible. Some problems: * 'HTTP_X_FORWARDED_FOR' is not seen as something that ends up in environ, as it's not considered to be a valid cgi name by zope.publisher.browser. Where would it end up? In headers? * There's no zconf setting in Zope 3 that I'm aware of to configure trusted_proxies * there's a comment that cookie data is accessed before environ data. Does this mean a cookie could be crafted to fake REMOTE_ADDR? Regards, Martijn _______________________________________________ Zope3-dev mailing list Zope3-dev@zope.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com