Comments (4)
Version 2.0 has Proxy Count support added. Version 1.x is deprecated, however, I don't have any plans in removing the api. Cheers
from django-ipware.
@aleksihakli as per my explanation here, nothing stops a hacker to set up additional proxies to match the proxy count.
Please provide a use case that we need a proxy count on top of the already supported trusted proxy list in order for me to include such a feature in the next release. thx.
from django-ipware.
Unofficial -- Look at the source code for get_client_ip()
from django-ipware.
@un33k yeah, I thought of it more as a convenience feature, I'm aware that attackers can do DNS rebinding and proxy injection on the server end or just forge headers by hand in the client end.
The case is indeed that I'm getting a ton of unwanted traffic on AWS with no proxies set at all in the request headers and want to discard that, and am using proxy count in a middleware to cut the unwanted noise, and think that this is useful for tracking bots and improperly configured clients.
In Axes it's nice to also get notified of someone banging the authentication backend with improper requests :)
I think the 2.0 beta release looks good for the purpose and the trusted proxies approach is good for semi-static proxy IPs. It can be hard to figure out proxy IPs in elastic environments where load balancers have dynamically changing IP ranges, so the proxy count is more usable there.
Just wanted to raise the question up for discussion.
from django-ipware.
Related Issues (20)
- Add a notice informing users that ports are not stripped HOT 1
- Update django-ipware to use python-ipware underneath - Help Needed HOT 1
- Pypi description completely empty HOT 3
- 'NoneType' object has no attribute 'META' HOT 3
- proxy_count and proxy_trusted_ips returning None on localhost/ngrok HOT 1
- Release this package with Django 3.2 support HOT 2
- Looking for 1-2 contributors to de-risk the project as it is now used by many projects HOT 5
- setup.py license classifier does not match LICENSE HOT 3
- Precedence order is not regarded when all IPs are not routable HOT 4
- Update the logic to better handle client IP determination for both routable and private HOT 3
- Suggestion - define default settings value HOT 2
- Any IP starting with `::` is treated as private HOT 7
- Feature proposal: get IP address in list of IPs based on `ip_count` HOT 1
- 'NoneType' object has no attribute 'strip' when META['REMOTE_ADDR'] is None HOT 1
- This module treats addresses like 2001:0db8:1234:: as routable HOT 1
- Upgrade django-ipware with enhancements HOT 1
- What is the difference between getting IP from django-ipware versus stream HOT 3
- ipware ignoring precedence order HOT 4
- [Feature Request] Add support for Django 4.2 HOT 1
- Use `python-ipware` underneath
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-ipware.