Opened 2 years ago

Last modified 17 months ago

#5807 enhancement new

something in twisted.web should respect (x-)forwarded-for on the server side

Reported by: glyph Owned by: sirgolan
Priority: normal Milestone:
Component: web Keywords:
Cc: allister.macleod@… Branch: branches/forwarded-for-5807
(diff, github, buildbot, log)
Author: sirgolan Launchpad Bug:

Description (last modified by glyph)

This should work vaguely the same way that twisted.web.vhost.VHostMonsterResource works.

  • Request.getHost() should return the forwarded-for host rather than the Host:.
  • Request.isSecure should return the security of the proto parameter

Like VHostMonster, there should be some configuration required to get into this mode. One mechanism for doing that would be to have a ForwardedForParserResource; however, since the connecting address is quite important, it may also be reasonable to build this directly into Site. Trusting random forwarded-for headers off the internet would not be good, so it should be easy to specify what the address of the expected terminating proxy is.

Also, forwarded-for is a bit more expressive than the vhostmonster idiom in that it can describe multiple hops. This additional information should be exposed through an explicit API - perhaps a new forwardedFor method on Resource that returns an iterable of objects describing the hosts that it was forwarded through.

See #5806, http://tools.ietf.org/html/draft-petersson-forwarded-for-02

Change History (8)

comment:1 Changed 2 years ago by glyph

  • Component changed from core to web

comment:2 Changed 2 years ago by amacleod

  • Cc allister.macleod@… added

comment:3 Changed 2 years ago by glyph

I need to fill this out with some more details; if you want to implement it please comment first so I can fill you in.

comment:4 Changed 2 years ago by glyph

  • Description modified (diff)

I think this should be sufficient for a spec. Please comment if you think I should be more specific.

comment:5 Changed 18 months ago by sirgolan

  • Author set to sirgolan
  • Branch set to branches/forwarded-for-5807

(In [39085]) Branching to 'forwarded-for-5807'.

comment:6 Changed 18 months ago by sirgolan

  • Owner set to sirgolan

comment:7 Changed 17 months ago by sirgolan

(In [39187]) Implement Resource subclass for automatically updating the client IP taking into
account X-Forwarded-For headers. Also add a getForwarders method to the Request
class.
Refs: #5807

comment:8 Changed 17 months ago by sirgolan

(In [39188]) Renamed things to match the ticket.
Refs: #5807

Note: See TracTickets for help on using tickets.