diff --git a/src/sentry/middleware/proxy.py b/src/sentry/middleware/proxy.py index 7a598d64e950df..f16a1503e903a5 100644 --- a/src/sentry/middleware/proxy.py +++ b/src/sentry/middleware/proxy.py @@ -11,7 +11,8 @@ def process_request(self, request): # HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs. # Take just the first one. real_ip = real_ip.split(",")[0] - if ':' in real_ip: + if ':' in real_ip and '.' in real_ip: + # Strip the port number off of an IPv4 FORWARDED_FOR entry. real_ip = real_ip.split(':', 1)[0] request.META['REMOTE_ADDR'] = real_ip diff --git a/tests/sentry/middleware/test_proxy.py b/tests/sentry/middleware/test_proxy.py index b22f517ad73461..e2a68ff902c61b 100644 --- a/tests/sentry/middleware/test_proxy.py +++ b/tests/sentry/middleware/test_proxy.py @@ -1,10 +1,11 @@ from __future__ import absolute_import from exam import fixture -from django.http import HttpResponse, StreamingHttpResponse +from django.http import HttpRequest, HttpResponse, StreamingHttpResponse from sentry.testutils import TestCase -from sentry.middleware.proxy import ContentLengthHeaderMiddleware +from sentry.middleware.proxy import ( + ContentLengthHeaderMiddleware, SetRemoteAddrFromForwardedFor) class ContentLengthHeaderMiddlewareTest(TestCase): @@ -19,3 +20,19 @@ def test_streaming(self): response = self.middleware.process_response(None, StreamingHttpResponse()) assert 'Transfer-Encoding' not in response assert 'Content-Length' not in response + + +class SetRemoteAddrFromForwardedForTestCase(TestCase): + middleware = fixture(SetRemoteAddrFromForwardedFor) + + def test_ipv4(self): + request = HttpRequest() + request.META['HTTP_X_FORWARDED_FOR'] = '8.8.8.8:80,8.8.4.4' + self.middleware.process_request(request) + assert request.META['REMOTE_ADDR'] == '8.8.8.8' + + def test_ipv6(self): + request = HttpRequest() + request.META['HTTP_X_FORWARDED_FOR'] = '2001:4860:4860::8888,2001:4860:4860::8844' + self.middleware.process_request(request) + assert request.META['REMOTE_ADDR'] == '2001:4860:4860::8888'