zware/awx
1
0
Fork 0
mirror of https://github.com/ZwareBear/awx.git synced 2026-05-15 07:48:38 -05:00
Code Issues Packages Projects Releases Wiki Activity

add a new configurable, PROXY_IP_WHITELIST

Browse Source 
implement a whitelist setting that - if populated - will only allow
specific IPs/hostnames to provide custom REMOTE_HOST_HEADERS header
values (i.e., `HTTP_X_FORWARDED_FOR`)

see: #6538
This commit is contained in:
Ryan Petrello
2017-06-12 17:25:30 -04:00
committed by Matthew Jones
parent c821df7fd5
commit 7d12427497
6 changed files with 116 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
awx/settings/defaults.py
+9
View File
@@ -152,6 +152,15 @@ ALLOWED_HOSTS = []
# reverse proxy.
REMOTE_HOST_HEADERS = ['REMOTE_ADDR', 'REMOTE_HOST']
# If Tower is behind a reverse proxy/load balancer, use this setting to
# whitelist the proxy IP addresses from which Tower should trust custom
# REMOTE_HOST_HEADERS header values
# REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR', ''REMOTE_ADDR', 'REMOTE_HOST']
# PROXY_IP_WHITELIST = ['10.0.1.100', '10.0.1.101']
# If this setting is an empty list (the default), the headers specified by
# REMOTE_HOST_HEADERS will be trusted unconditionally')
PROXY_IP_WHITELIST = []
# Note: This setting may be overridden by database settings.
STDOUT_MAX_BYTES_DISPLAY = 1048576