Set the correct REMOTE_ADDR
based on the X-Forwarded-For
header, while only trusting the CloudFront IP addresses.
This module is applied as WSGI middleware, fixing the IP-address retrieval for the entire application in a secure manner. As extra benefit, external packages no longer have to write abstraction layers to retrieve the IP-address header.
In Django edit the wsgi.py
file to apply the module:
from django.core.wsgi import get_wsgi_application
from wsgi_aws_unproxy import UnProxy
application = get_wsgi_application()
application = UnProxy(application)
Now all packages can just read request.META['REMOTE_ADDR']
to fetch the correct IP. This includes contact forms, Sentry error reporting and rate limiting tools.
You can install the latest version using pip:
pip install wsgi-aws-unproxy
And apply it as WSGI middleware:
from wsgi_aws_unproxy import UnProxy
application = UnProxy(application)