sdonk / django-admin-ip-restrictor
Restrict Django admin access based on incoming IPs
License: MIT License
HTTP_X_FORWARDED_FOR can contain a comma-separated list of IPs, and you only want to check one of them (which one may vary depending on if you use a CDN or not).
You can prepend your own IP using curl, e.g.
curl --header 'X-Forwarded-For: 1.1.1.1,2.2.2.2,3.3.3.3' ..
You get a resulting x-forwarded of:
1.1.1.1, 2.2.2.2, 3.3.3.3, {the client's real ip}, {cloudfront's ip}
So you need a way of telling django-admin-restrictor the index of the IP you want from the end. I guess the sane default for this would be -1, but for the sites using cloudfront they will want -2.
Invest PIR has a solution to grab the second to last IP, which is hardcoded, along with unit tests in this PR
uktrade/invest-pir-api@5454251
I'm not sure how the setting would be spelt: X_FORWARDED_INDEX?
I believe we're seeing a bug related to the current open pull-request whereby requests to non-restricted IPs are throwing exceptions because they're private IPs. In the example below, our config is set up to just restrict access to ["admin"], yet we're seeing exceptions related to the middleware.
"GET /api/config HTTP/1.0" 500 27
<socket.socket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('172.17.0.2', 8000), raddr=('172.17.0.3', 46444)>
Traceback (most recent call last):
  File "/root/.local/share/virtualenvs/portal-lhpYkIEg/lib/python3.7/site-packages/django/core/handlers/exception.py", line 41, in inner
    response = get_response(request)
  File "/root/.local/share/virtualenvs/portal-lhpYkIEg/lib/python3.7/site-packages/django/core/handlers/base.py", line 178, in _get_response
    response = middleware_method(request, callback, callback_args, callback_kwargs)
  File "/root/.local/share/virtualenvs/portal-lhpYkIEg/lib/python3.7/site-packages/admin_ip_restrictor/middleware.py", line 81, in process_view
    ip = self.get_ip(request)
  File "/root/.local/share/virtualenvs/portal-lhpYkIEg/lib/python3.7/site-packages/admin_ip_restrictor/middleware.py", line 76, in get_ip
    assert is_routable, 'IP is private'
AssertionError: IP is private
Blocking IPs is fairly obvious, not so much with IP ranges.
It would be good to have a couple of examples in the documentation showing this.
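An added example (not the project's code) tying together the three reports above: picking one X-Forwarded-For entry by index from the end, matching it against single IPs and CIDR ranges, and denying instead of raising when the address is unusable. The function names, the `index` parameter and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: three client-supplied entries, then the address the
# first trusted hop saw, then the CDN's own address (documentation ranges).
SAMPLE = "1.1.1.1, 2.2.2.2, 3.3.3.3, 203.0.113.7, 198.51.100.20"


def pick_forwarded_ip(header, index=-1):
    """Return the entry at `index` of an X-Forwarded-For value, or None.

    Negative indexes count from the end, where trusted proxies append:
    -1 with a single proxy in front of the app, -2 when a CDN adds one more.
    Entries further left are supplied by the client and must not be trusted.
    """
    parts = [p.strip() for p in (header or "").split(",") if p.strip()]
    try:
        return ipaddress.ip_address(parts[index])
    except (IndexError, ValueError):
        # Too few entries, or the entry is not an IP: nothing usable.
        return None


def is_allowed(header, allowed_ips=(), allowed_ranges=(), index=-1):
    """Decide access from the selected entry; deny rather than raise."""
    ip = pick_forwarded_ip(header, index)
    if ip is None:
        return False
    if any(ip == ipaddress.ip_address(a) for a in allowed_ips):
        return True
    # CIDR ranges: membership is False (no exception) across IPv4/IPv6.
    return any(ip in ipaddress.ip_network(r) for r in allowed_ranges)


if __name__ == "__main__":
    ranges = ["203.0.113.0/24"]
    for idx in (-1, -2, 0):
        print(idx, pick_forwarded_ip(SAMPLE, idx),
              is_allowed(SAMPLE, allowed_ranges=ranges, index=idx))
    # A private address is simply not on the list: denied, no exception.
    print(is_allowed("172.17.0.3", allowed_ips=["203.0.113.7"]))
```

Calling the decision function only for the restricted admin paths keeps unrelated routes such as an API endpoint from depending on the header at all.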
https://www.djangoproject.com/download/
https://www.python.org/dev/peps/pep-0494/#id16
Then we should cut a major release once it's done
Which is causing my PR to fail :/