add a new configurable, PROXY_IP_WHITELIST

implement a whitelist setting that - if populated - allows only
specific IPs/hostnames to provide custom REMOTE_HOST_HEADERS header
values (e.g., `HTTP_X_FORWARDED_FOR`)

see: #6538
Ryan Petrello
2017-06-12 17:25:30 -04:00
committed by Matthew Jones
parent c821df7fd5
commit 7d12427497
6 changed files with 116 additions and 0 deletions


@@ -98,6 +98,18 @@ class APIView(views.APIView):
self.time_started = time.time()
if getattr(settings, 'SQL_DEBUG', False):
self.queries_before = len(connection.queries)
# If there are any custom headers in REMOTE_HOST_HEADERS, make sure
# they respect the proxy whitelist
if all([
settings.PROXY_IP_WHITELIST,
request.environ.get('REMOTE_ADDR') not in settings.PROXY_IP_WHITELIST,
request.environ.get('REMOTE_HOST') not in settings.PROXY_IP_WHITELIST
]):
for custom_header in settings.REMOTE_HOST_HEADERS:
if custom_header.startswith('HTTP_'):
request.environ.pop(custom_header, None)
drf_request = super(APIView, self).initialize_request(request, *args, **kwargs)
request.drf_request = drf_request
return drf_request
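Review bot: The `REMOTE_HOST` comparison in the new `all([...])` guard trusts a value that, where the front-end server sets it at all, usually comes from a reverse DNS lookup. A hostname entry in `PROXY_IP_WHITELIST` is therefore only as reliable as the PTR record of the connecting address. I would document that next to the check, for example `# REMOTE_HOST may be derived from reverse DNS; prefer IP entries unless the server forward-confirms hostnames`. Both tests are exact membership checks, so they presumably expect a list of strings. A bare string would make `in` a substring match and would raise `TypeError` when `REMOTE_HOST` is absent; validation of the setting is not visible in this hunk. The enclosing method starts above the hunk, and the stripping only covers requests that pass through this `APIView`, so any other reader of `REMOTE_HOST_HEADERS` would need the same treatment.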