Fix #7222: Handle 'proxy-for' header (#7224)
Some proxies set the remote IP in the Proxy-For header.
e-carlin committed Aug 23, 2024
1 parent 5cf751c commit 138bfd6
Showing 4 changed files with 22 additions and 10 deletions.
15 changes: 15 additions & 0 deletions sirepo/http_util.py
@@ -46,3 +46,18 @@ def parse_auth_header(headers):
if m := _AUTH_HEADER_RE.search(h):
return m.group(1)
return None


def remote_ip(request):
"""IP address of client from request.
Tornado covers 'X-Real-Ip' and 'X-Forwared-For'. This adds addition
headers to check.
Args:
request (tornado.httputil.HTTPServerRequest): Incoming request
Returns:
str: IP address of client
"""
return request.headers.get("proxy-for", request.remote_ip)
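Review bot: `remote_ip` returns the `proxy-for` header verbatim whenever a request carries it, so the address is client-controlled unless every path to the server goes through a proxy that overwrites that header; nothing here checks who the peer is or that the value is an address at all. The same value becomes `remote_addr` in sirepo/request.py and sirepo/uri_router.py and the logged `remote_ip` in sirepo/pkcli/job_supervisor.py, so any allow-listing, rate limiting or audit that relies on it downstream (not visible on this page) can be misled. Tornado applies X-Real-Ip/X-Forwarded-For only when the server is created with `xheaders=True` and ignores values that are not valid IPs; this helper should be at least as strict, honouring the header only when the deployment is configured as sitting behind a trusted proxy and falling back to `request.remote_ip` when the value does not parse. The sketch below shows the validation half and needs `import ipaddress` at the top of the module. The docstring also has two typos, 'X-Forwared-For' and 'addition headers'.

```python
def remote_ip(request):
    # … unchanged: docstring …
    claimed = request.headers.get("proxy-for")
    if claimed is None:
        return request.remote_ip
    try:
        # Accept only a single well-formed address; anything else is ignored.
        return str(ipaddress.ip_address(claimed.strip()))
    except ValueError:
        return request.remote_ip
```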
3 changes: 2 additions & 1 deletion sirepo/pkcli/job_supervisor.py
@@ -15,6 +15,7 @@
import sirepo.events
import sirepo.feature_config
import sirepo.global_resources.api
import sirepo.http_util
import sirepo.job
import sirepo.job_driver
import sirepo.job_supervisor
@@ -97,7 +98,7 @@ def open(self):
pkdlog(
"uri={} remote_ip={} ",
self.request.uri,
self.request.remote_ip,
sirepo.http_util.remote_ip(self.request),
)

def sr_close(self):
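Review bot: The `open` log call in the second hunk now records only the header-derived address, so when `proxy-for` is present the address Tornado reports for the connection is no longer logged. For incident review it helps to keep both, e.g. the format `"uri={} remote_ip={} peer_ip={} "` with `self.request.remote_ip` as the extra argument, so a forged or malformed header value can be told apart from the connecting host. `open` starts outside the hunk.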
4 changes: 2 additions & 2 deletions sirepo/request.py
@@ -11,9 +11,9 @@
import pykern.pkcompat
import pykern.pkjson
import sirepo.const
import sirepo.http_util
import sirepo.quest
import sirepo.util
import urllib.parse
import user_agents


@@ -186,7 +186,7 @@ def _parse_authorization(value):
http_method=r.method,
http_request_uri=r.full_url(),
http_server_uri=f"{r.protocol}://{r.host}/",
remote_addr=r.remote_ip,
remote_addr=sirepo.http_util.remote_ip(r),
)

def body_as_bytes(self):
10 changes: 3 additions & 7 deletions sirepo/uri_router.py
@@ -7,25 +7,21 @@
from pykern import pkcollections
from pykern import pkconfig
from pykern import pkinspect
from pykern import pkjson
from pykern.pkcollections import PKDict
from pykern.pkdebug import pkdc, pkdexc, pkdlog, pkdp, pkdformat
import asyncio
import contextlib
import importlib
import inspect
import os
import pkgutil
import re
import sirepo.api_auth
import sirepo.auth
import sirepo.const
import sirepo.events
import sirepo.feature_config
import sirepo.http_util
import sirepo.spa_session
import sirepo.uri
import sirepo.util
import urllib.parse

#: prefix for api functions
_FUNC_PREFIX = "api_"
@@ -225,7 +221,7 @@ def open(self):
self.__headers = PKDict(r.headers)
self.cookie_state = self.__headers.get("Cookie")
self.http_server_uri = f"{r.protocol}://{r.host}/"
self.remote_addr = r.remote_ip
self.remote_addr = sirepo.http_util.remote_ip(r)
self.ws_id = ws_count
self.sr_log(None, "open", fmt=" ip={}", args=[_remote_peer(r)])

@@ -354,7 +350,7 @@ def _remote_peer(request):
# socket is not set on stream for websockets.
if hasattr(c, "stream") and hasattr(c.stream, "socket"):
return "{}:{}".format(*c.stream.socket.getpeername())
return f"{request.remote_ip}:0"
return f"{sirepo.http_util.remote_ip(request)}:0"

sirepo.modules.import_and_init("sirepo.server").init_tornado()
s = httpserver.HTTPServer(
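Review bot: In the last hunk `_remote_peer` now mixes two meanings: the first branch returns the socket's `getpeername()`, while the fallback returns the `proxy-for` value with `:0` appended. The `ip=` field written by `sr_log` in `open` would then be the real peer for some connections and a client-supplied string for others, with nothing in the log line to tell them apart. Keeping `return f"{request.remote_ip}:0"` in this function, and leaving the proxy-derived address to `self.remote_addr`, keeps the peer field meaning one thing. `_remote_peer` begins outside the hunk.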
