Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #11877 -- Documented that HttpRequest.get_host() fails behind m…

…ultiple reverse proxies, and added an example middleware solution. Thanks to Tom Evans for the report, and arnav for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14493 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit d6e33795a90fe1cfd487acf230ddef1d9a28552a 1 parent f90b0f6
authored November 07, 2010

Showing 1 changed file with 31 additions and 8 deletions. Show diff stats Hide diff stats

  1. 39  docs/ref/request-response.txt
39  docs/ref/request-response.txt
@@ -210,16 +210,39 @@ Methods
210 210
 
211 211
 .. method:: HttpRequest.get_host()
212 212
 
213  
-   .. versionadded:: 1.0
214  
-
215  
-   Returns the originating host of the request using information from the
216  
-   ``HTTP_X_FORWARDED_HOST`` and ``HTTP_HOST`` headers (in that order). If
217  
-   they don't provide a value, the method uses a combination of
218  
-   ``SERVER_NAME`` and ``SERVER_PORT`` as detailed in `PEP 333`_.
  213
+    .. versionadded:: 1.0
219 214
 
220  
-   .. _PEP 333: http://www.python.org/dev/peps/pep-0333/
  215
+    Returns the originating host of the request using information from the
  216
+    ``HTTP_X_FORWARDED_HOST`` and ``HTTP_HOST`` headers (in that order). If
  217
+    they don't provide a value, the method uses a combination of
  218
+    ``SERVER_NAME`` and ``SERVER_PORT`` as detailed in `PEP 333`_.
  219
+
  220
+    .. _PEP 333: http://www.python.org/dev/peps/pep-0333/
  221
+
  222
+    Example: ``"127.0.0.1:8000"``
  223
+
  224
+    .. note:: The :meth:`~HttpRequest.get_host()` method fails when the host is
  225
+        behind multiple proxies. One solution is to use middleware to rewrite
  226
+        the proxy headers, as in the following example::
  227
+
  228
+            class MultipleProxyMiddleware(object):
  229
+                FORWARDED_FOR_FIELDS = [
  230
+                    'HTTP_X_FORWARDED_FOR',
  231
+                    'HTTP_X_FORWARDED_HOST',
  232
+                    'HTTP_X_FORWARDED_SERVER',
  233
+                ]
  234
+
  235
+                def process_request(self, request):
  236
+                    """
  237
+                    Rewrites the proxy headers so that only the most
  238
+                    recent proxy is used.
  239
+                    """
  240
+                    for field in self.FORWARDED_FOR_FIELDS:
  241
+                        if field in request.META:
  242
+                            if ',' in request.META[field]:
  243
+                                parts = request.META[field].split(',')
  244
+                                request.META[field] = parts[-1].strip()
221 245
 
222  
-   Example: ``"127.0.0.1:8000"``
223 246
 
224 247
 .. method:: HttpRequest.get_full_path()
225 248
 

0 notes on commit d6e3379

Please sign in to comment.
Something went wrong with that request. Please try again.