Merge branch 'master' of github.com:muccg/django-iprestrict

muccg · Oct 24, 2017 · aca4aef · aca4aef
2 parents d8a1f53 + 0f5f36b
commit aca4aef
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 2 deletions.
diff --git a/docs/configuration.rst b/docs/configuration.rst
@@ -159,6 +159,8 @@ Settings
 Django IP Restrict has settings to adapt to the environment in which
 your app is hosted in.
 
+.. _geoip-enabled-reference-label:
+
 IPRESTRICT_GEOIP_ENABLED
 ~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -194,3 +196,14 @@ Default: ``[]`` (Empty List)
 Use this setting when your app is hosted behind a reverse proxy. When
 values are provided, they will be checked against the HTTP
 ``X-Forwarded-For`` header to determine the true client IP address.
+
+
+IPRESTRICT_TRUST_ALL_PROXIES
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Default: ``False``
+
+Use this setting when using a managed proxy with a dynamic IP (like when
+behind an AWS Load Balancer, or other cloud equivalent). When this
+setting is ``True``, Django IP Restrict will always check the HTTP
+``X-Forwarded-For`` header to determine the true client IP address.
diff --git a/docs/installation.rst b/docs/installation.rst
@@ -30,6 +30,8 @@ The country based lookups are optional, if you need it you can install them with
 
     pip install django-iprestrict[geoip]
 
+**Note:** if you're not using the country based lookups you will have to set the ``IPRESTRICT_GEOIP_ENABLED`` setting to ``False`` in your ``settings.py``. See: :ref:`geoip-enabled-reference-label`.
+
 Development
 ^^^^^^^^^^^
 

diff --git a/iprestrict/middleware.py b/iprestrict/middleware.py
@@ -30,6 +30,7 @@ def __init__(self, *args, **kwargs):
         self.trusted_proxies = tuple(get_setting('IPRESTRICT_TRUSTED_PROXIES', 'TRUSTED_PROXIES', []))
         self.reload_rules = get_reload_rules_setting()
         self.ignore_proxy_header = bool(get_setting('IPRESTRICT_IGNORE_PROXY_HEADER', 'IGNORE_PROXY_HEADER', False))
+        self.trust_all_proxies = bool(get_setting('IPRESTRICT_TRUST_ALL_PROXIES', 'TRUST_ALL_PROXIES', False))
 
     def process_request(self, request):
         if self.reload_rules:
@@ -49,6 +50,8 @@ def extract_client_ip(self, request):
             if forwarded_for:
                 closest_proxy = client_ip
                 client_ip = forwarded_for.pop(0)
+                if self.trust_all_proxies:
+                    return client_ip
                 proxies = [closest_proxy] + forwarded_for
                 for proxy in proxies:
                     if proxy not in self.trusted_proxies:

diff --git a/tests/test_middleware.py b/tests/test_middleware.py
@@ -86,7 +86,7 @@ def setUp(self):
 
     def test_reload_with_custom_command(self):
         from django.core.management import call_command
-        call_command('reloadrules', verbosity=0)
+        call_command('reload_rules', verbosity=0)
 
         response = self.client.get('', REMOTE_ADDR = LOCAL_IP)
         self.assertEqual(response.status_code, 404)
@@ -143,3 +143,12 @@ def test_multiple_proxies_all_trusted(self):
         client_ip = self.middleware.extract_client_ip(request)
         self.assertEquals(client_ip, LOCAL_IP)
 
+    @override_settings(IPRESTRICT_TRUSTED_PROXIES=(PROXY,), IPRESTRICT_TRUST_ALL_PROXIES=True)
+    def test_trust_all_proxies_on(self):
+        self.middleware = IPRestrictMiddleware()
+        proxies = ['1.1.1.1', '2.2.2.2', '3.3.3.3', '4.4.4.4']
+        request = self.factory.get('', REMOTE_ADDR=PROXY,
+           HTTP_X_FORWARDED_FOR = ', '.join([LOCAL_IP] + proxies))
+
+        client_ip = self.middleware.extract_client_ip(request)
+        self.assertEquals(client_ip, LOCAL_IP)
diff --git a/tests/test_reloading.py b/tests/test_reloading.py
@@ -45,4 +45,4 @@ def test_reload_view(self):
 
 class ReloadByCommand(ReloadByViewTest):
     def reload_rules(self):
-        call_command('reloadrules')
+        call_command('reload_rules')