(fix) LP #143352 Log the client ip in proxy case

This implements the idea of the patch from https://bugs.launchpad.net/zope2/+bug/143352 but also honours the trusted-proxy setting.
zopefoundation · Aug 5, 2013 · 1b37393 · 1b37393
1 parent f75c4e3
commit 1b37393
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 2 deletions.
diff --git a/src/ZServer/medusa/http_server.py b/src/ZServer/medusa/http_server.py
@@ -6,7 +6,7 @@
 #						 All Rights Reserved.
 #
 
-RCS_ID =  '$Id$'
+RCS_ID =  '$Id: http_server.py 121227 2011-04-03 16:39:36Z hannosch $'
 
 # python modules
 import os
@@ -40,6 +40,16 @@
 #							Request Object
 # ===========================================================================
 
+# The trusted_proxies configuration setting contains a sequence
+# of front-end proxies that are trusted to supply an accurate
+# X_FORWARDED_FOR header. If a request comes from a trusted proxy
+# and contains an X_FORWARDED_FOR header, the address provided by
+# X_FORWARDED_FOR will be logged
+# The ZConfig machinery may sets this attribute on initialization
+# if any trusted-proxies
+
+trusted_proxies = []
+
 class http_request:
 
         # default reply code
@@ -270,6 +280,12 @@ def log_date_string (self, when):
                tz_for_log
 
     def log (self, bytes):
+        origin = self.channel.addr[0]
+        if origin in trusted_proxies and self.get_header('x-forwarded-for'):
+            forwarded = self.get_header('x-forwarded-for')
+            forwarded = forwarded.split(',')[-1].strip()
+            if forwarded:
+                origin = forwarded
         user_agent=self.get_header('user-agent')
         if not user_agent: user_agent=''
         referer=self.get_header('referer')
@@ -288,7 +304,7 @@ def log (self, bytes):
                     name = t[0]
 
         self.channel.server.logger.log (
-            self.channel.addr[0],
+            origin,
             '- %s [%s] "%s" %d %d "%s" "%s"\n' % (
                 name,
                 self.log_date_string (time.time()),

diff --git a/src/Zope2/Startup/handlers.py b/src/Zope2/Startup/handlers.py
@@ -134,11 +134,13 @@ def root_handler(config):
     # set up trusted proxies
     if config.trusted_proxies:
         from ZPublisher import HTTPRequest
+        from ZServer.medusa import http_server
         # DM 2004-11-24: added host name mapping (such that examples in
         # conf file really have a chance to work
         mapped = []
         for name in config.trusted_proxies: mapped.extend(_name2Ips(name))
         HTTPRequest.trusted_proxies = tuple(mapped)
+        http_server.trusted_proxies = tuple(mapped)
 
     # set the maximum number of ConflictError retries
     if config.max_conflict_retries: