Sets REMOTE_ADDR to the correct value when behind Cloudflare, based on the Cf-Connecting-Ip header, when requests originate from Cloudflare's IP range.
Project description
wsgi_cloudflare_proxy_fix is a WSGI middleware that safely sets the REMOTE_ADDR environment variable to the value of the Cf-Connecting-Ip header for requests originating from Cloudflare.
In addition, it sets a CF_TRUSTED environment variable to True for all requests originating from Cloudflare.
Installation
Install wsgi_cloudflare_proxy_fix using pip:
pip install wsgi_cloudflare_proxy_fix
Usage
The following examples assume werkzeug.middleware.proxy_fix.ProxyFix is being used to read the X-Forwarded-For and X-Forwarded-Proto headers.
For a standalone WSGI application:
import logging
from wsgi_cloudflare_proxy_fix import CloudflareProxyFix
from werkzeug.middleware.proxy_fix import ProxyFix
application = CloudflareProxyFix(application, log_level=logging.INFO)
application = ProxyFix(application)
For a Flask application:
import logging
from wsgi_cloudflare_proxy_fix import CloudflareProxyFix
from werkzeug.middleware.proxy_fix import ProxyFix
def create_app():
app = Flask(__name__)
app.wsgi_app = CloudflareProxyFix(app.wsgi_app, log_level=logging.INFO)
app.wsgi_app = ProxyFix(app.wsgi_app)
return app
Testing
To verify the proxy fix is working as expected in your production environment, the CloudflareProxyFixTest middleware can be used by adding the following to your application:
import logging
from wsgi_cloudflare_proxy_fix import CloudflareProxyFix, CloudflareProxyFixTest
from werkzeug.middleware.proxy_fix import ProxyFix
def create_app():
app = Flask(__name__)
app.wsig_app = CloudflareProxyFixTest(app.wsgi_app, path="/debug/cf-test")
app.wsgi_app = CloudflareProxyFix(app.wsgi_app, log_level=logging.INFO)
app.wsgi_app = ProxyFix(app.wsgi_app)
return app
And making a request to the debug/cf-test endpoint:
$ curl http://localhost:5000/debug/cf-test { "CF_TRUSTED": null, "REMOTE_ADDR": "127.0.0.1" "wsgi_cloudflare_proxy_fix.orig": null, } $ curl -H 'X-Forwarded-For: 103.31.4.1' -H 'Cf-Connecting-Ip: 1.2.3.4' http://localhost:5000/debug/cf-test { "CF_TRUSTED": true, "REMOTE_ADDR": "1.2.3.4", "wsgi_cloudflare_proxy_fix.orig": { "REMOTE_ADDR": "103.31.4.1" } }
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for wsgi_cloudflare_proxy_fix-0.1.2.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4599087b5a0a7162e1a29a62235aedc35b2a95ada9c05f21fa67a2de41774daa |
|
MD5 | 23fa889dae225ee7b6cb1eadfd542fa1 |
|
BLAKE2b-256 | 6cb3fd2281a91ffe55a69e74aa4b71d031c238059800b3307a8f21184b13b00c |
Hashes for wsgi_cloudflare_proxy_fix-0.1.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 801b5585845c3f69033198c231a9234a82fd3a67bfa7bccc7b2221887bfb8c4c |
|
MD5 | e98d8a0109ead2012a2c5f368c0fb170 |
|
BLAKE2b-256 | fe2bedf1c3be586d26a152d7c36ad1281d3a974a0be07bc74b0a01c7be54c01b |