I have a cherrypy server on a machine, and i want to get the client identifier from the request. Now i can get the client IP by cherrypy.request.remote.ip, but if the client user use a proxy then the IP address will be the proxy address that i don't want, so is there any way for getting the host name of the client machine or some other ways to distiguish the client identifier
Original client IP is usually passed along by proxy with X-Forwarded-For header. You can either study the header or use tools.proxy setting to automatically rewrite cherrypy.request.remote.ip. See cherrypy.lib.cptools.proxy for details.
This is a HTTP protocol problem and has nothing to do with python or cherrypy.
HTTP clients don't send their hostname along with requests.
Related
I've seen many examples of how to send DNS requests via Scapy, but none for IPv6. For reference, I'm using Python 3, and ping6 ipv6.google.com is successful for me, so I seem to have a proper gateway. I'm trying to combine https://www.packetlevel.ch/html/scapy/scapyipv6.html and https://thepacketgeek.com/scapy-p-09-scapy-and-dns/, but I'm not sure how to do so exactly (just replacing IP(dst=dst) with IPv6(dst=dst) doesn't work). For reference, I've been trying to resolve "google.com" with Googles DNS Server (https://developers.google.com/speed/public-dns/docs/using).
Edit: I wish to be able to choose the DNS server I reach. For IPv4, I could do so with the following:
sr1(IP(dst=dns_dst)/UDP(dport=53)/DNS(rd=1, qd=DNSQR(qname=query_name)))
IPv6 Ping:
sr1(IPv6(dst="www.google.com")/ICMPv6EchoRequest(),timeout=3)
That would make a simple IPv6 packet with an echo request on top, and send/receive it on level 3
DNS over IPv6 on Google's public server, requesting an IPv6 address:
sr1(IPv6(dst="2001:4860:4860::8888")/UDP()/DNS(qd=DNSQR(qname="www.google.com", qtype="AAAA")))
What I am doing
I have a flask website and I am making it accessible to a client using ngrok tunneling.
What I want
I am trying to get the IP address of the client.
What I have done so far
I have tried these so far,
request.environ.get('HTTP_X_REAL_IP', request.remote_addr)
and
request.environ['REMOTE_ADDR']
But both of them are returning 127.0.0.1. I have also checked out this question But it didn't help me out since the answer written there are for getting client IP's in production server environment whereas I am looking for any method using which I can get IP address of client in the development mode of server which is tunneled using ngrok.
I have two possible methods in my mind,
If I can get the IP address of the connection requester from Ngrok. I don't know is there any way to do it but this can solve my problem.
Or I add something to my javascript code so that whenever the index page loads up it sends an ajax request to the server telling it the IP address of the client. (Correct me if wrong)
In case of Flask , you cannot get the client ip address directly on the server side but you cannot get the IP address if your web app grabs the client ip and then using AJAX request sends it back to the server so that you can log it.
That's the only possible way i think you can do it in flask.
Since there is no support of IP_PKTINFO in python(for IPv4), are there no multihomed UDP python servers out there in production?
If there are ( and I expect there shall be), how do they handle the problem of sending the response UDP packets to the interface from which they received the request!
EDIT for clarification
Lets say I have a UDP server with multiple interfaces (consider 2 here), each with IP 172.217.163.68 and 172.217.163.69 respectively. The server has socket bind call on 0.0.0.0. Now if a request packet comes on 172.217.163.68, the server processes it, forms a response packet, and then sends on what interface? There is no way it knows about the interface from which request packet arrived, so it can't fill the sending interface IP. This is because there is no support for IP_PKTINFO in python.
Also it should be noted that we can't make use of the default route here. If default route gets used, then from the perspective of the client, it sent request to 172.217.163.68 but is getting response from 172.217.163.69, which is obviously wrong.
UDP servers use recvfrom and sendto to get the source IP address and to send back the response:
Receive:message, address = socket.recvfrom(1024)
Send: socket.sendto(message, address)
You can see an example UDP server in python in this question
I have a VPN setup where clients authenticate using pre-shared certificates. I want these clients to use my http api written in flask but I need them to authenticate first to return correct data from database.
Is it safe to use request.remote_addr or request.environ['REMOTE_ADDR'] to identify users given I know IP address of every client from VPN config?
e.g.
user = select_user(request.remote_addr)
where select_user(IP) maps VPN clients to IP addresses.
The REMOTE_ADDR will always be the IP of the TCP connection emitter, there is no way to modify it for a potential attacker (except proxy). But there is a vulnerability if someone can access to one of your user's network (as they will have a valid IP). So if you can really trust your users personal network security, yes it is safe, otherwise no.
I successfully setup authentication and user based authorization following the pyramid documentation.
Now I want to disable this authorization if the side is accessed from localhost. How can I make my authorization depending on the client IP address, i.e. localhost?
There are two ways by which you can get the client side IP address.
Using remote_addr or you can use client_addr.