Home>

I want to change the default IP address obtained by the django app running on Heroku from REMOTE_ADDR to HTTP_X_FORWARDED_FOR.

So I created middleware.py in the same hierarchy as settings.py and made the contents as follows.

middleware.py

from django.http import HttpResponse
class RemoteAddrMiddleware (object):
    def __init __ (self, get_response):
        self.get_response = get_response
    def __call __ (self, request):
        return self.get_response (request)
    def process_request (self, request):
        if'HTTP_X_FORWARDED_FOR' in request.META:
            ip = request.META ['HTTP_X_FORWARDED_FOR'] .split (',') [0] .strip ()
            request.META ['REMOTE_ADDR'] = ip

settings.py

MIDDLEWARE = ​​[
    'django.middleware.security.SecurityMiddleware',
    ..
    ..
    'myproject.middleware.RemoteAddrMiddleware', # Addendum
]

However, it was not successful, and I would be grateful if anyone could give me some advice on what to do.

  • Answer # 1

    problem:MIDDLEWAREMIDDLEWARE_CLASSESIt is an implementation that seems to be confused with.
    (Check the version to see if it was implemented based on old information)

    First, use logging etc.__call__Orprocess_requestLet's check if is called.

    MiddlewareMixin__call__Calls process_request.
    now__call__Does not have a process_request call.
    In conventional middleware, process_request is called directly, so
    I think that the "implementation method" and "configuration method" of the middleware are based on the information of different versions.

    MIDDLEEAREWhen setting to

    Middleware classes inherit from MiddlewareMixin

    __call__Do not override


    Reference

    django document --middleware

    Upgrade Django 1.10 or earlier style middleware


    About middleware for reverse proxy
    This is old information, but please check the following information as well.

    HTTP_X_FORWARDED_FOR references must be trusted
    It is written that it can be disguised.

    django secondary-issue

    django-ipware

    1.0 had django.middleware.http.SetRemoteAddrFromForwardedFor, so why not check out alternative classes and more?

    Removed SetRemoteAddrFromForwardedFor middleware

    The implementation before it was removed is as followsMIDDLEWARE_CLASSESIt is used in.

    SetRemoteAddrFromForwardedFor class

    class SetRemoteAddrFromForwardedFor (object):
        "" "
        Middleware that sets REMOTE_ADDR based on HTTP_X_FORWARDED_FOR, if the
        latter is set. This is useful if you're sitting behind a reverse proxy that
        causes each request's REMOTE_ADDR to be set to 127.0.0.1.
        Note that this does NOT validate HTTP_X_FORWARDED_FOR. If you're not behind
        a reverse proxy that sets HTTP_X_FORWARDED_FOR automatically, do not use
        this middleware. Anybody can spoof the value of HTTP_X_FORWARDED_FOR, and
        because this sets REMOTE_ADDR based on HTTP_X_FORWARDED_FOR, that means
        anybody can "fake" their IP address. Only use this when you can absolutely
        trust the value of HTTP_X_FORWARDED_FOR.
        "" "
        def process_request (self, request):
            try: try:
                real_ip = request.META ['HTTP_X_FORWARDED_FOR']
            except KeyError:
                return None
            else: else:
                # HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs. The
                # client's IP will be the first one.
                real_ip = real_ip.split (",") [0] .strip ()
                request.META ['REMOTE_ADDR'] = real_ip