I successfully setup authentication and user based authorization following the pyramid documentation.
Now I want to disable this authorization if the side is accessed from localhost. How can I make my authorization depending on the client IP address, i.e. localhost?
There are two ways by which you can get the client side IP address.
Using remote_addr or you can use client_addr.
Related
What I am doing
I have a flask website and I am making it accessible to a client using ngrok tunneling.
What I want
I am trying to get the IP address of the client.
What I have done so far
I have tried these so far,
request.environ.get('HTTP_X_REAL_IP', request.remote_addr)
and
request.environ['REMOTE_ADDR']
But both of them are returning 127.0.0.1. I have also checked out this question But it didn't help me out since the answer written there are for getting client IP's in production server environment whereas I am looking for any method using which I can get IP address of client in the development mode of server which is tunneled using ngrok.
I have two possible methods in my mind,
If I can get the IP address of the connection requester from Ngrok. I don't know is there any way to do it but this can solve my problem.
Or I add something to my javascript code so that whenever the index page loads up it sends an ajax request to the server telling it the IP address of the client. (Correct me if wrong)
In case of Flask , you cannot get the client ip address directly on the server side but you cannot get the IP address if your web app grabs the client ip and then using AJAX request sends it back to the server so that you can log it.
That's the only possible way i think you can do it in flask.
I have a VPN setup where clients authenticate using pre-shared certificates. I want these clients to use my http api written in flask but I need them to authenticate first to return correct data from database.
Is it safe to use request.remote_addr or request.environ['REMOTE_ADDR'] to identify users given I know IP address of every client from VPN config?
e.g.
user = select_user(request.remote_addr)
where select_user(IP) maps VPN clients to IP addresses.
The REMOTE_ADDR will always be the IP of the TCP connection emitter, there is no way to modify it for a potential attacker (except proxy). But there is a vulnerability if someone can access to one of your user's network (as they will have a valid IP). So if you can really trust your users personal network security, yes it is safe, otherwise no.
Heroku has a routing system to forward requests to the dynos. My application needs to know from where the request came, but it always gets random addresses in a network, probably Heroku's internals.
And I see that in the logs, it (Heroku's router) gets my IP address and forwards the request. Is there a way to get the actual IP address of a request?
My application is written in Python, using Flask
Checking Flask's documentation on filtering headers etc., I found that:
request.headers['X-Forwarded-For']
is where you'll get the client's real IP address.
From a deleted comment by OP, this article provides a safer solution.
You want to preserve the IP from request.remote_addr when locally or if hosting the site somewhere else:
def getIP():
if 'X-Forwarded-For' in request.headers:
return request.headers['X-Forwarded-For']
return request.remote_addr
I have a cherrypy server on a machine, and i want to get the client identifier from the request. Now i can get the client IP by cherrypy.request.remote.ip, but if the client user use a proxy then the IP address will be the proxy address that i don't want, so is there any way for getting the host name of the client machine or some other ways to distiguish the client identifier
Original client IP is usually passed along by proxy with X-Forwarded-For header. You can either study the header or use tools.proxy setting to automatically rewrite cherrypy.request.remote.ip. See cherrypy.lib.cptools.proxy for details.
This is a HTTP protocol problem and has nothing to do with python or cherrypy.
HTTP clients don't send their hostname along with requests.
I'd like to log the IP addresses of machines that access my web.py application. How can I access this data within the web.py framework? I'm happy to send the address to my own logger.
Use web.ctx['ip'] to get the remote ip address. Here is a link which explains what's in the context.