[IP restriction] Two small questions #2555

Open
jokimina opened this Issue Mar 28, 2019 · 0 comments

@jokimina
Contributor

commented Mar 28, 2019

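[Briefly describe your problem]

I am using jms as a reference while writing an internal system, and I have two simple thoughts about the IP handling.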

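  1. https://github.com/jumpserver/jumpserver/blob/dev/apps/authentication/api/auth.py#L42
    I don't think it is good to allow the IP to be taken from a parameter passed in by the client. In most cases the deployment is on the public network, so when reading x-forward-for I wonder whether it would be acceptable to walk the list in reverse and take the first public IP. On an internal network the connection is usually direct (for compatibility, adding a switch could be considered).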
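```python
import ipaddress


def get_request_ip(request):
    # Walk X-Forwarded-For from right to left and take the first public address.
    x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')
    for ip in x_forwarded_for[::-1]:
        ip = ip.strip()
        try:
            if ip and not ipaddress.ip_address(ip).is_private:
                return ip
        except ValueError:
            # Skip entries that are not valid IP addresses.
            continue
    # No header, or no public address in it: fall back to the direct peer.
    return request.META.get('REMOTE_ADDR', '')
```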
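  2. Should the number of attempts from the same IP also be limited separately? Otherwise, by changing the username, multiple attempts are still possible.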
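Version in use

[Please provide the Jumpserver version you are using, 1.x.x. Note: 0.3.x is no longer supported]

Steps to reproduce
  1. [Step 1]
  2. [Step 2]
Observed behavior [a screenshot may be better, ideally a complete one]
Other

[Note:] Please close the issue when done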
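
An added example (not part of the original issue and not Jumpserver's code) for the second point: failed logins are counted per source IP as well as per username, so rotating usernames from one address still runs into a limit. The class and function names, the thresholds, and the documentation-range addresses are assumptions made for illustration, and the IP is assumed to have been resolved before it reaches the limiter.

```python
import time
from collections import defaultdict, deque


class LoginAttemptLimiter:
    """Sliding-window failure counter keyed by username and, separately, by client IP."""

    def __init__(self, max_per_user=5, max_per_ip=10, window=300, clock=time.monotonic):
        self.max_per_user = max_per_user
        self.max_per_ip = max_per_ip
        self.window = window      # seconds a failure stays counted
        self.clock = clock        # injectable so tests can control time
        self._failures = defaultdict(deque)  # ('user'|'ip', value) -> timestamps

    def _count(self, key):
        q = self._failures.get(key, ())
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:   # drop failures that aged out of the window
            q.popleft()
        return len(q)

    def is_blocked(self, username, ip):
        """True if either the username or the source IP has used up its budget."""
        return (self._count(('user', username)) >= self.max_per_user
                or self._count(('ip', ip)) >= self.max_per_ip)

    def record_failure(self, username, ip):
        now = self.clock()
        self._failures[('user', username)].append(now)
        self._failures[('ip', ip)].append(now)

    def record_success(self, username):
        # Only the username counter resets. The IP counter ages out on its own,
        # so one valid account cannot be used to refresh an IP's guessing budget.
        self._failures.pop(('user', username), None)


def simulate_username_rotation(limiter, ip, usernames):
    """Constructed scenario: one IP fails once per username; returns attempts let through."""
    allowed = 0
    for name in usernames:
        if limiter.is_blocked(name, ip):
            continue
        limiter.record_failure(name, ip)
        allowed += 1
    return allowed
```

The in-memory dictionary only works for a single process; a multi-worker deployment would need the counters in a shared store.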
