[Web-SIG] REMOTE_ADDR and proxys
Benoit Chesneau
bchesneau at gmail.com
Mon Oct 13 14:26:48 CEST 2014
On Sun, Oct 12, 2014 at 11:38 PM, Robert Collins <robertc at robertcollins.net>
wrote:
> On 30 September 2014 11:47, Alan Kennedy <alan at xhaus.com> wrote:
>
> > [Robert]
> >> So it sounds like it should be the responsibility of a middleware to
> >> renormalize the environment?
> >
> > In order for that to be the case, you have strictly define what
> > "normalization" means.
>
> For a given deployment its well defined. I agree that in general its not.
>
> > I believe that it is not possible to fully specify "normalization", and
> that
> > any attempt to do so is futile.
> >
> > If you want to attempt it for the specific scenarios that your particular
> > application has to deal with, then by all means code your version of
> > "normalization" into your application. Or write some middleware to do it.
> >
> > But trying to make "normalization" a part of a WSGI-style specification
> is
> > impossible.
>
> I don't recall proposing that it should be in a WSGI-style spec.
>
> -Rob
>
> --
> Robert Collins <rbtcollins at hp.com>
> Distinguished Technologist
> HP Converged Cloud
> _______________________________________________
> Web-SIG mailing list
> Web-SIG at python.org
> Web SIG: http://www.python.org/sigs/web-sig
> Unsubscribe:
> https://mail.python.org/mailman/options/web-sig/bchesneau%40gmail.com
>
All this issue looks like the problem raised (and not yet solved) recently
in Gunicorn when the REMOTE_ADDR has been handled more strictly and we
removed all the X-Forward-* headers handling:
https://github.com/benoitc/gunicorn/issues/797
There is another case to take in consideration, when your server is
answering on unix sockets, so you don't have any TCP address to present.
For now we answer with an empty field.
Also some application frameworks recently removed the middleware handling
X-Forward-* headers. I wonder why.
There is an RFC for forward headers: http://tools.ietf.org/html/rfc7239 .
For me instead of trying to change the strict behaviour of REMOTE_ADDR I
wonder if we shouldn't rather add a new field to the environ. Thoughts?
- benoit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/web-sig/attachments/20141013/4f5c5210/attachment.html>
More information about the Web-SIG
mailing list