Closed
Bug 983249
Opened 10 years ago
Closed 10 years ago
Use X-Forwarded-For HTTP Header for client location detection
Categories
(Marketplace Graveyard :: General, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jason, Assigned: jason)
References
Details
REMOTE_ADDR does not always have the correct client IP information, especially with IPV6 requests. We pass X-Forwarded-For HTTP Header with client IP address information for both IPV4 and IPV6 addresses and we should use that instead. https://github.com/mozilla/zamboni/blob/master/mkt/regions/middleware.py#L22
Comment 1•10 years ago
|
||
We are already doing that (we populate REMOTE_ADDR with HTTP_X_FORWARDED_FOR) with 'commonware.middleware.SetRemoteAddrFromForwardedFor' in our MIDDLEWARE_CLASSES settings. It was updated a few months ago to support IPV6.
Comment 2•10 years ago
|
||
See https://github.com/jsocol/commonware/blob/master/commonware/request/middleware.py#L18
Assignee | ||
Comment 3•10 years ago
|
||
We may just need to update KNOWN_PROXIES to include our LB address as it is not currently listed. https://github.com/mozilla/zamboni/blob/master/sites/prod/settings_base.py
Assignee | ||
Comment 4•10 years ago
|
||
Updated https://github.com/mozilla/zamboni/commit/cc9fbd1289322383b22f08aad0e5ff5166b1f34d.
Assignee | ||
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → jthomas
You need to log in
before you can comment on or make changes to this bug.
Description
•