diff --git a/real_ip.conf b/real_ip.conf new file mode 100644 index 0000000..904f96e --- /dev/null +++ b/real_ip.conf @@ -0,0 +1,35 @@ +# This is an example nginx configuration file for setting the real IP from +# CloudFlare for the app to use. Nginx must be built with the +# `http_realip_module` module enabled. The virtual host/server block +# serving the site should contain the line +# `proxy_set_header X-Real-IP $http_cf_connecting_ip;`. +# The list of IP prefixes should be updated periodically from +# `https://www.cloudflare.com/ips/`. See `titivillus/middleware.py` for how +# to use the new header in application. + +# Setting the real IP from CloudFlare +set_real_ip_from 103.21.244.0/22; +set_real_ip_from 103.22.200.0/22; +set_real_ip_from 103.31.4.0/22; +set_real_ip_from 104.16.0.0/12; +set_real_ip_from 108.162.192.0/18; +set_real_ip_from 131.0.72.0/22; +set_real_ip_from 141.101.64.0/18; +set_real_ip_from 162.158.0.0/15; +set_real_ip_from 172.64.0.0/13; +set_real_ip_from 173.245.48.0/20; +set_real_ip_from 188.114.96.0/20; +set_real_ip_from 190.93.240.0/20; +set_real_ip_from 197.234.240.0/22; +set_real_ip_from 198.41.128.0/17; +set_real_ip_from 2400:cb00::/32; +set_real_ip_from 2606:4700::/32; +set_real_ip_from 2803:f800::/32; +set_real_ip_from 2405:b500::/32; +set_real_ip_from 2405:8100::/32; +set_real_ip_from 2c0f:f248::/32; +set_real_ip_from 2a06:98c0::/29; + +# use any of the following two +real_ip_header CF-Connecting-IP; +#real_ip_header X-Forwarded-For; diff --git a/titivillus/middleware.py b/titivillus/middleware.py new file mode 100644 index 0000000..a39c296 --- /dev/null +++ b/titivillus/middleware.py @@ -0,0 +1,20 @@ +#!/usr/bin/env python3 +""" +Some custom middleware for titivillus. +""" + +class XRealIPMiddleware(object): + """ + Attempts to set the get the visitor's real IP by grabbing the + `X-Real-IP` header from the request. + """ + def __init__(self, get_response): + self.get_response = get_response + def __call__(self, request): + try: + real_ip = request.META['HTTP_X_REAL_IP'] + except KeyError: + pass + else: + request.META['REMOTE_ADDR'] = real_ip + return self.get_response(request) diff --git a/titivillus/settings.py b/titivillus/settings.py index d369595..c18e0b5 100644 --- a/titivillus/settings.py +++ b/titivillus/settings.py @@ -48,6 +48,7 @@ MIDDLEWARE = [ 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'titivillus.middleware.XRealIPMiddleware', ] ROOT_URLCONF = 'titivillus.urls'