Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

[1.2.X] Fixed #11877 -- Documented that HttpRequest.get_host() fails …

…behind multiple reverse proxies, and added an example middleware solution. Thanks to Tom Evans for the report, and arnav for the patch.

Backport of [14493] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@14494 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 6e201bcae22adcdf6894e56ad7426cc624bf85fd 1 parent 0164ee0
Gabriel Hurley authored
Showing with 31 additions and 8 deletions.
  1. +31 −8 docs/ref/request-response.txt
View
39 docs/ref/request-response.txt
@@ -189,16 +189,39 @@ Methods
.. method:: HttpRequest.get_host()
- .. versionadded:: 1.0
-
- Returns the originating host of the request using information from the
- ``HTTP_X_FORWARDED_HOST`` and ``HTTP_HOST`` headers (in that order). If
- they don't provide a value, the method uses a combination of
- ``SERVER_NAME`` and ``SERVER_PORT`` as detailed in `PEP 333`_.
+ .. versionadded:: 1.0
- .. _PEP 333: http://www.python.org/dev/peps/pep-0333/
+ Returns the originating host of the request using information from the
+ ``HTTP_X_FORWARDED_HOST`` and ``HTTP_HOST`` headers (in that order). If
+ they don't provide a value, the method uses a combination of
+ ``SERVER_NAME`` and ``SERVER_PORT`` as detailed in `PEP 333`_.
+
+ .. _PEP 333: http://www.python.org/dev/peps/pep-0333/
+
+ Example: ``"127.0.0.1:8000"``
+
+ .. note:: The :meth:`~HttpRequest.get_host()` method fails when the host is
+ behind multiple proxies. One solution is to use middleware to rewrite
+ the proxy headers, as in the following example::
+
+ class MultipleProxyMiddleware(object):
+ FORWARDED_FOR_FIELDS = [
+ 'HTTP_X_FORWARDED_FOR',
+ 'HTTP_X_FORWARDED_HOST',
+ 'HTTP_X_FORWARDED_SERVER',
+ ]
+
+ def process_request(self, request):
+ """
+ Rewrites the proxy headers so that only the most
+ recent proxy is used.
+ """
+ for field in self.FORWARDED_FOR_FIELDS:
+ if field in request.META:
+ if ',' in request.META[field]:
+ parts = request.META[field].split(',')
+ request.META[field] = parts[-1].strip()
- Example: ``"127.0.0.1:8000"``
.. method:: HttpRequest.get_full_path()
Please sign in to comment.
Something went wrong with that request. Please try again.