added any as valid value for the trusted_proxy adjustable #224

Merged
merged 2 commits into from Dec 13, 2018

Estartu commented Dec 12, 2018

Background is when waitress is running inside a container, any
request originates from the gateway of the container network, not
from the outside IP. The container network changes every time the
container is restarted to a random new network number. So setting one
IP as trusted_proxy isn't possible but still needed as most of the time
a reverse proxy is between the client and the container. So if it's
ensured that only requests from the reverse proxy can reach the
container, trusting any host is not a problem.

bertjwregeer commented Dec 12, 2018

I would prefer not to use something that could potentially be a valid remote_peer. I would accept this if it was changed to use * instead.

Estartu commented Dec 13, 2018

remote_peer is an IP address and any is neither a valid IPv4 nor IPv6 address. I don't see a potential mixup. But I have no problem in changing it. I will update the pull request shortly.

@Estartu Estartu force-pushed the Estartu:master branch from 0ac4d48 to e1a0952 Dec 13, 2018

bertjwregeer commented Dec 13, 2018

remote_peer may also be set to localhost for instance in the unix socket case. There was also a case whereby remote_peer may go through a reverse DNS lookup which could potentially return a hostname, but I may be mistaking that with the address we listen to.

Either way, thank you for changing it.

@bertjwregeer bertjwregeer merged commit 01ae680 into Pylons:master Dec 13, 2018

2 checks passed

continuous-integration/appveyor/pr AppVeyor build succeeded
continuous-integration/travis-ci/pr The Travis CI build passed

bertjwregeer added a commit that referenced this pull request Dec 31, 2018
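
The trust decision discussed in this thread, as an added sketch that is not taken from waitress's source: it shows why a pinned proxy IP stops matching once the container network changes, what the `*` wildcard trusts, and why `any` is hostname-shaped while `*` is not. The function names, the single-proxy-hop assumption and the sample addresses are all constructed for illustration.

```python
# Added illustration only; hypothetical names, not waitress's implementation.
import ipaddress
import re

WILDCARD = "*"  # the sentinel the thread settled on
# Hostname shape: dot-separated labels of letters, digits and inner hyphens.
_HOSTNAME = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def could_be_peer(value):
    """True if value is an IP literal or hostname-shaped, i.e. something a
    peer-address field could plausibly contain."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return bool(_HOSTNAME.match(value))


def is_trusted(remote_peer, trusted_proxy):
    """Decide whether forwarded headers sent by remote_peer are honoured."""
    if trusted_proxy is None:
        return False
    return trusted_proxy == WILDCARD or remote_peer == trusted_proxy


def effective_client(remote_peer, headers, trusted_proxy):
    """Address to log and authorise on. Assumes exactly one proxy hop, so the
    rightmost X-Forwarded-For entry is the one that proxy appended."""
    if not is_trusted(remote_peer, trusted_proxy):
        return remote_peer
    last = headers.get("X-Forwarded-For", "").split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(last))
    except ValueError:
        # Missing or malformed header: fall back to the socket peer.
        return remote_peer
```

With the wildcard set, the header is honoured from whichever peer connects, so the returned address is only meaningful when network policy lets nothing but the reverse proxy reach the container.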