Skip to main content

Sets REMOTE_ADDR to the correct value when behind Cloudflare, based on the Cf-Connecting-Ip header, when requests originate from Cloudflare's IP range.

Project description

wsgi_cloudflare_proxy_fix is a WSGI middleware that safely sets the REMOTE_ADDR environment variable to the value of the Cf-Connecting-Ip header for requests originating from Cloudflare.

In addition, it sets a CF_TRUSTED environment variable to True for all requests originating from Cloudflare.

Installation

Install wsgi_cloudflare_proxy_fix using pip:

pip install wsgi_cloudflare_proxy_fix

Usage

The following examples assume werkzeug.middleware.proxy_fix.ProxyFix is being used to read the X-Forwarded-For and X-Forwarded-Proto headers.

For a standalone WSGI application:

import logging
from wsgi_cloudflare_proxy_fix import CloudflareProxyFix
from werkzeug.middleware.proxy_fix import ProxyFix

application = CloudflareProxyFix(application, log_level=logging.INFO)
application = ProxyFix(application)

For a Flask application:

import logging
from wsgi_cloudflare_proxy_fix import CloudflareProxyFix
from werkzeug.middleware.proxy_fix import ProxyFix

def create_app():
    app = Flask(__name__)
    app.wsgi_app = CloudflareProxyFix(app.wsgi_app, log_level=logging.INFO)
    app.wsgi_app = ProxyFix(app.wsgi_app)
    return app

Testing

To verify the proxy fix is working as expected in your production environment, the CloudflareProxyFixTest middleware can be used by adding the following to your application:

import logging
from wsgi_cloudflare_proxy_fix import CloudflareProxyFix, CloudflareProxyFixTest
from werkzeug.middleware.proxy_fix import ProxyFix

def create_app():
    app = Flask(__name__)
    app.wsig_app = CloudflareProxyFixTest(app.wsgi_app, path="/debug/cf-test")
    app.wsgi_app = CloudflareProxyFix(app.wsgi_app, log_level=logging.INFO)
    app.wsgi_app = ProxyFix(app.wsgi_app)
    return app

And making a request to the debug/cf-test endpoint:

$ curl http://localhost:5000/debug/cf-test
{
    "CF_TRUSTED": null,
    "REMOTE_ADDR": "127.0.0.1"
    "wsgi_cloudflare_proxy_fix.orig": null,
}
$ curl -H 'X-Forwarded-For: 103.31.4.1' -H 'Cf-Connecting-Ip: 1.2.3.4' http://localhost:5000/debug/cf-test
{
    "CF_TRUSTED": true,
    "REMOTE_ADDR": "1.2.3.4",
    "wsgi_cloudflare_proxy_fix.orig": {
        "REMOTE_ADDR": "103.31.4.1"
    }
}

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

wsgi_cloudflare_proxy_fix-0.1.2.tar.gz (3.2 kB view details)

Uploaded Source

Built Distribution

File details

Details for the file wsgi_cloudflare_proxy_fix-0.1.2.tar.gz.

File metadata

  • Download URL: wsgi_cloudflare_proxy_fix-0.1.2.tar.gz
  • Upload date:
  • Size: 3.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.4.1 CPython/3.9.12 Darwin/21.6.0

File hashes

Hashes for wsgi_cloudflare_proxy_fix-0.1.2.tar.gz
Algorithm Hash digest
SHA256 4599087b5a0a7162e1a29a62235aedc35b2a95ada9c05f21fa67a2de41774daa
MD5 23fa889dae225ee7b6cb1eadfd542fa1
BLAKE2b-256 6cb3fd2281a91ffe55a69e74aa4b71d031c238059800b3307a8f21184b13b00c

See more details on using hashes here.

File details

Details for the file wsgi_cloudflare_proxy_fix-0.1.2-py3-none-any.whl.

File metadata

File hashes

Hashes for wsgi_cloudflare_proxy_fix-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 801b5585845c3f69033198c231a9234a82fd3a67bfa7bccc7b2221887bfb8c4c
MD5 e98d8a0109ead2012a2c5f368c0fb170
BLAKE2b-256 fe2bedf1c3be586d26a152d7c36ad1281d3a974a0be07bc74b0a01c7be54c01b

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page