Sets REMOTE_ADDR to the correct value when behind Cloudflare, based on the Cf-Connecting-Ip header, when requests originate from Cloudflare's IP range.
Project description
wsgi_cloudflare_proxy_fix is a WSGI middleware that safely sets the REMOTE_ADDR environment variable to the value of the Cf-Connecting-Ip header for requests originating from Cloudflare.
In addition, it sets a CF_TRUSTED environment variable to True for all requests originating from Cloudflare.
Installation
Install wsgi_cloudflare_proxy_fix using pip:
pip install wsgi_cloudflare_proxy_fix
Usage
The following examples assume werkzeug.middleware.proxy_fix.ProxyFix is being used to read the X-Forwarded-For and X-Forwarded-Proto headers.
For a standalone WSGI application:
import logging
from wsgi_cloudflare_proxy_fix import CloudflareProxyFix
from werkzeug.middleware.proxy_fix import ProxyFix
application = CloudflareProxyFix(application, log_level=logging.INFO)
application = ProxyFix(application)
For a Flask application:
import logging
from wsgi_cloudflare_proxy_fix import CloudflareProxyFix
from werkzeug.middleware.proxy_fix import ProxyFix
def create_app():
app = Flask(__name__)
app.wsgi_app = CloudflareProxyFix(app.wsgi_app, log_level=logging.INFO)
app.wsgi_app = ProxyFix(app.wsgi_app)
return app
Testing
To verify the proxy fix is working as expected in your production environment, the CloudflareProxyFixTest middleware can be used by adding the following to your application:
import logging
from wsgi_cloudflare_proxy_fix import CloudflareProxyFix, CloudflareProxyFixTest
from werkzeug.middleware.proxy_fix import ProxyFix
def create_app():
app = Flask(__name__)
app.wsig_app = CloudflareProxyFixTest(app.wsgi_app, path="/debug/cf-test")
app.wsgi_app = CloudflareProxyFix(app.wsgi_app, log_level=logging.INFO)
app.wsgi_app = ProxyFix(app.wsgi_app)
return app
And making a request to the debug/cf-test endpoint:
$ curl http://localhost:5000/debug/cf-test { "CF_TRUSTED": null, "REMOTE_ADDR": "127.0.0.1" "wsgi_cloudflare_proxy_fix.orig": null, } $ curl -H 'X-Forwarded-For: 103.31.4.1' -H 'Cf-Connecting-Ip: 1.2.3.4' http://localhost:5000/debug/cf-test { "CF_TRUSTED": true, "REMOTE_ADDR": "1.2.3.4", "wsgi_cloudflare_proxy_fix.orig": { "REMOTE_ADDR": "103.31.4.1" } }
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file wsgi_cloudflare_proxy_fix-0.1.2.tar.gz
.
File metadata
- Download URL: wsgi_cloudflare_proxy_fix-0.1.2.tar.gz
- Upload date:
- Size: 3.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.4.1 CPython/3.9.12 Darwin/21.6.0
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4599087b5a0a7162e1a29a62235aedc35b2a95ada9c05f21fa67a2de41774daa |
|
MD5 | 23fa889dae225ee7b6cb1eadfd542fa1 |
|
BLAKE2b-256 | 6cb3fd2281a91ffe55a69e74aa4b71d031c238059800b3307a8f21184b13b00c |
File details
Details for the file wsgi_cloudflare_proxy_fix-0.1.2-py3-none-any.whl
.
File metadata
- Download URL: wsgi_cloudflare_proxy_fix-0.1.2-py3-none-any.whl
- Upload date:
- Size: 3.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.4.1 CPython/3.9.12 Darwin/21.6.0
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 801b5585845c3f69033198c231a9234a82fd3a67bfa7bccc7b2221887bfb8c4c |
|
MD5 | e98d8a0109ead2012a2c5f368c0fb170 |
|
BLAKE2b-256 | fe2bedf1c3be586d26a152d7c36ad1281d3a974a0be07bc74b0a01c7be54c01b |