Paste proxies with the ability to proxy to a location based upon an incoming header
Simple package that extends the proxy object within Paste to allow the WSGI proxy to read its connection location from arbitrary headers. It will keep all other headers (including Host: intact during transit); you may or may not need to adjust what you’re doing upstream accordingly.
By default, the proxy will read the host to connect to from the X-Proxy-Force-Host header and read the connection scheme from X-Proxy-Force-Scheme.
You can override these using relevant configuration like follows. Keep in mind that at time of proxy, we’re reading headers from the environ dictionary, so specify your headers in this manner. For instance, X-Proxy-Foobar will become visible in the environ dict as HTTP_PROXY_FOOBAR (noting dashes to underscores, and replacement of X with HTTP). You can make this mapping happen thusly:
[app:proxy] use = egg:djb.headerproxy force_host = HTTP_PROXY_FORCE_HOST force_scheme = HTTP_PROXY_FORCE_SCHEME
The above example is overly verbose, however, as we already default to using these specific headers. This does demonstrate how you can customise this behaviour to suit you – for instance, if your front-end automatically provides some headers, you can configure the mapping accordingly.
If unprotected, this WSGI middleware could be used as an open proxy since headers can easily be spoofed. You should take steps to either firewall off your application, drop headers at an upstream web server, run this as a local socket, or do something similar (or all of the above!).
You’ve been warned.
David Beitey, Author