Waitress WSGI server
Waitress is meant to be a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library. It runs on CPython on Unix and Windows under Python 2.7+ and Python 3.4+. It is also known to run on PyPy 1.6.0+ on UNIX. It supports HTTP/1.0 and HTTP/1.1.
For more information, see the “docs” directory of the Waitress package or visit https://docs.pylonsproject.org/projects/waitress/en/latest/
- When given an IPv6 address in X-Forwarded-For or Forwarded for= waitress was placing the IP address in REMOTE_ADDR with brackets: [2001:db8::0], this does not match the requirements in the CGI spec which REMOTE_ADDR was lifted from. Waitress will now place the bare IPv6 address in REMOTE_ADDR: 2001:db8::0. See https://github.com/Pylons/waitress/pull/232 and https://github.com/Pylons/waitress/issues/230
No changes since the last beta release. Enjoy Waitress!
- Fixed logic to no longer warn on writes where the output is required to have a body but there may not be any data to be written. Solves issue posted on the Pylons Project mailing list with 1.2.0b1.
Happy New Year!
Setting the trusted_proxy setting to '*' (wildcard) will allow all upstreams to be considered trusted proxies, thereby allowing services behind Cloudflare/ELBs to function correctly whereby there may not be a singular IP address that requests are received from.
Using this setting is potentially dangerous if your server is also available from anywhere on the internet, and further protections should be used to lock down access to Waitress. See https://github.com/Pylons/waitress/pull/224
Waitress has increased its support of the X-Forwarded-* headers and includes Forwarded (RFC7239) support. This may be used to allow proxy servers to influence the WSGI environment. See https://github.com/Pylons/waitress/pull/209
This also provides a new security feature when using Waitress behind a proxy in that it is possible to remove untrusted proxy headers thereby making sure that downstream WSGI applications don’t accidentally use those proxy headers to make security decisions.
The documentation has more information, see the following new arguments:
- log_untrusted_proxy_headers (useful for debugging)
Be aware that the defaults for these are currently backwards compatible with older versions of Waitress, this will change in a future release of waitress. If you expect to need this behaviour please explicitly set these variables in your configuration, or pin this version of waitress.
Waitress can now accept a list of sockets that are already pre-bound rather than creating its own to allow for socket activation. Support for init systems/other systems that create said activated sockets is not included. See https://github.com/Pylons/waitress/pull/215
Server header can be omitted by specifying ident=None or ident=''. See https://github.com/Pylons/waitress/pull/187
- Waitress will no longer send Transfer-Encoding or Content-Length for 1xx, 204, or 304 responses, and will completely ignore any message body sent by the WSGI application, making sure to follow the HTTP standard. See https://github.com/Pylons/waitress/pull/166, https://github.com/Pylons/waitress/issues/165, https://github.com/Pylons/waitress/issues/152, and https://github.com/Pylons/waitress/pull/202
- Waitress has now “vendored” asyncore into itself as waitress.wasyncore. This is to cope with the eventuality that asyncore will be removed from the Python standard library in 3.8 or so.
Release history Release notifications
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size & hash SHA256 hash help||File type||Python version||Upload date|
|waitress-1.2.1-py2.py3-none-any.whl (140.8 kB) Copy SHA256 hash SHA256||Wheel||py2.py3|
|waitress-1.2.1.tar.gz (162.6 kB) Copy SHA256 hash SHA256||Source||None|