
fix(api): fix django source of remote IP

In accordance with the nginx default uwsgi parameters, we cannot
trust the X-Forwarded-For HTTP header field. However, nginx uwsgi
parameters guarantee that the uwsgi REMOTE_ADDR field contains
the IP that is talking to nginx.

The state prior to this commit compromises the abuse checks that are
conducted relying on the remote IP address.

This closes nils-wisiol/desec-internal#8.
Nils Wisiol 8 years ago
parent
commit
ecee5025f3
1 changed files with 1 additions and 6 deletions

api/desecapi/views.py

@@ -29,12 +29,7 @@ from desecapi.emails import send_account_lock_email
 
 
 def get_client_ip(request):
-    x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
-    if x_forwarded_for:
-        ip = x_forwarded_for.split(',')[0]
-    else:
-        ip = request.META.get('REMOTE_ADDR')
-    return ip
+    return request.META.get('REMOTE_ADDR')
 
 
 class DomainList(generics.ListCreateAPIView):
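
Review bot: get_client_ip() now carries no comment or docstring saying why X-Forwarded-For is deliberately ignored, so a later change could put the removed branch back without realising it lets the client choose the address used for abuse checks. Please add a short docstring stating that REMOTE_ADDR is trusted because nginx sets it through its uwsgi parameters and that client-supplied forwarding headers must not be read here. Separately, request.META.get('REMOTE_ADDR') returns None when the key is absent; the callers are not visible in this hunk, but if they key abuse checks on this value, indexing with request.META['REMOTE_ADDR'] or handling None explicitly would make a misconfigured front end fail loudly instead of grouping every request under None.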