Show More
| @@ -111,6 +111,9 b' app_instance_uuid = development-not-secr' | |||||
| 111 | ## cut off limit for large diffs (size in bytes) |
|
111 | ## cut off limit for large diffs (size in bytes) | |
| 112 | cut_off_limit = 256000 |
|
112 | cut_off_limit = 256000 | |
| 113 |
|
113 | |||
|
|
114 | ## WSGI environment variable to get the IP address of the client (default REMOTE_ADDR) | |||
|
|
115 | #remote_addr_variable = HTTP_X_FORWARDED_FOR | |||
|
|
116 | ||||
| 114 | ## always pretend the client connected using HTTPS (default false) |
|
117 | ## always pretend the client connected using HTTPS (default false) | |
| 115 | #force_https = true |
|
118 | #force_https = true | |
| 116 |
|
119 | |||
| @@ -423,8 +423,12 b' somehow pass the original information on' | |||||
| 423 | configured to pick that information up and trust it. |
|
423 | configured to pick that information up and trust it. | |
| 424 |
|
424 | |||
| 425 | Kallithea will by default rely on its WSGI server to provide the IP of the |
|
425 | Kallithea will by default rely on its WSGI server to provide the IP of the | |
| 426 |
client in the WSGI environment as ``REMOTE_ADDR``, but it can |
|
426 | client in the WSGI environment as ``REMOTE_ADDR``, but it can be configured to | |
| 427 | get it from the ``X-Real-IP`` or ``X-Forwarded-For`` HTTP headers. |
|
427 | get it from an HTTP header that has been set by the proxy server. For | |
|
|
428 | example, if the proxy server puts the client IP in the ``X-Forwarded-For`` | |||
|
|
429 | HTTP header, set:: | |||
|
|
430 | ||||
|
|
431 | remote_addr_variable = HTTP_X_FORWARDED_FOR | |||
| 428 |
|
432 | |||
| 429 | Kallithea will by default rely on finding the protocol (``http`` or ``https``) |
|
433 | Kallithea will by default rely on finding the protocol (``http`` or ``https``) | |
| 430 | in the WSGI environment as ``wsgi.url_scheme``. If the proxy server puts |
|
434 | in the WSGI environment as ``wsgi.url_scheme``. If the proxy server puts | |
| @@ -81,20 +81,12 b' def _filter_proxy(ip):' | |||||
| 81 |
|
81 | |||
| 82 |
|
82 | |||
| 83 | def get_ip_addr(environ): |
|
83 | def get_ip_addr(environ): | |
| 84 | proxy_key = 'HTTP_X_REAL_IP' |
|
84 | """The web server will set REMOTE_ADDR to the unfakeable IP layer client IP address. | |
| 85 | proxy_key2 = 'HTTP_X_FORWARDED_FOR' |
|
85 | If using a proxy server, make it possible to use another value, such as | |
| 86 | def_key = 'REMOTE_ADDR' |
|
86 | the X-Forwarded-For header, by setting `remote_addr_variable = HTTP_X_FORWARDED_FOR`. | |
| 87 |
|
87 | """ | ||
| 88 | ip = environ.get(proxy_key) |
|
88 | remote_addr_variable = kallithea.CONFIG.get('remote_addr_variable', 'REMOTE_ADDR') | |
| 89 | if ip: |
|
89 | return _filter_proxy(environ.get(remote_addr_variable, '0.0.0.0')) | |
| 90 | return _filter_proxy(ip) |
|
|||
| 91 |
|
||||
| 92 | ip = environ.get(proxy_key2) |
|
|||
| 93 | if ip: |
|
|||
| 94 | return _filter_proxy(ip) |
|
|||
| 95 |
|
||||
| 96 | ip = environ.get(def_key, '0.0.0.0') |
|
|||
| 97 | return _filter_proxy(ip) |
|
|||
| 98 |
|
90 | |||
| 99 |
|
91 | |||
| 100 | def get_path_info(environ): |
|
92 | def get_path_info(environ): | |
| @@ -174,6 +174,9 b' app_instance_uuid = ${uuid()}' | |||||
| 174 | <%text>##</%text> cut off limit for large diffs (size in bytes) |
|
174 | <%text>##</%text> cut off limit for large diffs (size in bytes) | |
| 175 | cut_off_limit = 256000 |
|
175 | cut_off_limit = 256000 | |
| 176 |
|
176 | |||
|
|
177 | <%text>##</%text> WSGI environment variable to get the IP address of the client (default REMOTE_ADDR) | |||
|
|
178 | #remote_addr_variable = HTTP_X_FORWARDED_FOR | |||
|
|
179 | ||||
| 177 | <%text>##</%text> always pretend the client connected using HTTPS (default false) |
|
180 | <%text>##</%text> always pretend the client connected using HTTPS (default false) | |
| 178 | #force_https = true |
|
181 | #force_https = true | |
| 179 |
|
182 | |||
General Comments 0
You need to be logged in to leave comments.
Login now