``wsgi_cloudflare_proxy_fix``: Safely read Cloudflare's ``Cf-Connecting-Ip`` header
===================================================================================
``wsgi_cloudflare_proxy_fix`` is a WSGI middleware that safely sets the
``REMOTE_ADDR`` environment variable to the value of the ``Cf-Connecting-Ip``
header for requests originating from Cloudflare.
In addition, it sets a ``CF_TRUSTED`` environment variable to ``True`` for
all requests originating from Cloudflare.
Installation
------------
Install ``wsgi_cloudflare_proxy_fix`` using ``pip``::
pip install wsgi_cloudflare_proxy_fix
Usage
-----
The following examples assume ``werkzeug.middleware.proxy_fix.ProxyFix`` is
being used to read the ``X-Forwarded-For`` and ``X-Forwarded-Proto`` headers.
For a standalone WSGI application:
.. code-block:: python
import logging
from wsgi_cloudflare_proxy_fix import CloudflareProxyFix
from werkzeug.middleware.proxy_fix import ProxyFix
application = CloudflareProxyFix(application, log_level=logging.INFO)
application = ProxyFix(application)
For a Flask application:
.. code-block:: python
import logging
from wsgi_cloudflare_proxy_fix import CloudflareProxyFix
from werkzeug.middleware.proxy_fix import ProxyFix
def create_app():
app = Flask(__name__)
app.wsgi_app = CloudflareProxyFix(app.wsgi_app, log_level=logging.INFO)
app.wsgi_app = ProxyFix(app.wsgi_app)
return app
Testing
-------
To verify the proxy fix is working as expected in your production environment,
the ``CloudflareProxyFixTest`` middleware can be used by adding the following
to your application:
.. code-block:: python
import logging
from wsgi_cloudflare_proxy_fix import CloudflareProxyFix, CloudflareProxyFixTest
from werkzeug.middleware.proxy_fix import ProxyFix
def create_app():
app = Flask(__name__)
app.wsig_app = CloudflareProxyFixTest(app.wsgi_app, path="/debug/cf-test")
app.wsgi_app = CloudflareProxyFix(app.wsgi_app, log_level=logging.INFO)
app.wsgi_app = ProxyFix(app.wsgi_app)
return app
And making a request to the `debug/cf-test` endpoint::
$ curl http://localhost:5000/debug/cf-test
{
"CF_TRUSTED": null,
"REMOTE_ADDR": "127.0.0.1"
"wsgi_cloudflare_proxy_fix.orig": null,
}
$ curl -H 'X-Forwarded-For: 103.31.4.1' -H 'Cf-Connecting-Ip: 1.2.3.4' http://localhost:5000/debug/cf-test
{
"CF_TRUSTED": true,
"REMOTE_ADDR": "1.2.3.4",
"wsgi_cloudflare_proxy_fix.orig": {
"REMOTE_ADDR": "103.31.4.1"
}
}
Raw data
{
"_id": null,
"home_page": "https://github.com/wolever/wsgi-cloudflare-proxy-fix",
"name": "wsgi-cloudflare-proxy-fix",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.9,<4.0",
"maintainer_email": "",
"keywords": "",
"author": "David Wolever",
"author_email": "david@wolever.net",
"download_url": "https://files.pythonhosted.org/packages/6c/b3/fd2281a91ffe55a69e74aa4b71d031c238059800b3307a8f21184b13b00c/wsgi_cloudflare_proxy_fix-0.1.2.tar.gz",
"platform": null,
"description": "``wsgi_cloudflare_proxy_fix``: Safely read Cloudflare's ``Cf-Connecting-Ip`` header\n===================================================================================\n\n``wsgi_cloudflare_proxy_fix`` is a WSGI middleware that safely sets the\n``REMOTE_ADDR`` environment variable to the value of the ``Cf-Connecting-Ip``\nheader for requests originating from Cloudflare.\n\nIn addition, it sets a ``CF_TRUSTED`` environment variable to ``True`` for\nall requests originating from Cloudflare.\n\nInstallation\n------------\n\nInstall ``wsgi_cloudflare_proxy_fix`` using ``pip``::\n\n pip install wsgi_cloudflare_proxy_fix\n\nUsage\n-----\n\nThe following examples assume ``werkzeug.middleware.proxy_fix.ProxyFix`` is\nbeing used to read the ``X-Forwarded-For`` and ``X-Forwarded-Proto`` headers.\n\nFor a standalone WSGI application:\n\n.. code-block:: python\n\n import logging\n from wsgi_cloudflare_proxy_fix import CloudflareProxyFix\n from werkzeug.middleware.proxy_fix import ProxyFix\n\n application = CloudflareProxyFix(application, log_level=logging.INFO)\n application = ProxyFix(application)\n\nFor a Flask application:\n\n.. code-block:: python\n\n import logging\n from wsgi_cloudflare_proxy_fix import CloudflareProxyFix\n from werkzeug.middleware.proxy_fix import ProxyFix\n\n def create_app():\n app = Flask(__name__)\n app.wsgi_app = CloudflareProxyFix(app.wsgi_app, log_level=logging.INFO)\n app.wsgi_app = ProxyFix(app.wsgi_app)\n return app\n\nTesting\n-------\n\nTo verify the proxy fix is working as expected in your production environment,\nthe ``CloudflareProxyFixTest`` middleware can be used by adding the following\nto your application:\n\n.. code-block:: python\n\n import logging\n from wsgi_cloudflare_proxy_fix import CloudflareProxyFix, CloudflareProxyFixTest\n from werkzeug.middleware.proxy_fix import ProxyFix\n\n def create_app():\n app = Flask(__name__)\n app.wsig_app = CloudflareProxyFixTest(app.wsgi_app, path=\"/debug/cf-test\")\n app.wsgi_app = CloudflareProxyFix(app.wsgi_app, log_level=logging.INFO)\n app.wsgi_app = ProxyFix(app.wsgi_app)\n return app\n\nAnd making a request to the `debug/cf-test` endpoint::\n\n $ curl http://localhost:5000/debug/cf-test\n {\n \"CF_TRUSTED\": null,\n \"REMOTE_ADDR\": \"127.0.0.1\"\n \"wsgi_cloudflare_proxy_fix.orig\": null,\n }\n $ curl -H 'X-Forwarded-For: 103.31.4.1' -H 'Cf-Connecting-Ip: 1.2.3.4' http://localhost:5000/debug/cf-test\n {\n \"CF_TRUSTED\": true,\n \"REMOTE_ADDR\": \"1.2.3.4\",\n \"wsgi_cloudflare_proxy_fix.orig\": {\n \"REMOTE_ADDR\": \"103.31.4.1\"\n }\n }\n",
"bugtrack_url": null,
"license": "",
"summary": "Sets REMOTE_ADDR to the correct value when behind Cloudflare, based on the Cf-Connecting-Ip header, when requests originate from Cloudflare's IP range.",
"version": "0.1.2",
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "fe2bedf1c3be586d26a152d7c36ad1281d3a974a0be07bc74b0a01c7be54c01b",
"md5": "e98d8a0109ead2012a2c5f368c0fb170",
"sha256": "801b5585845c3f69033198c231a9234a82fd3a67bfa7bccc7b2221887bfb8c4c"
},
"downloads": -1,
"filename": "wsgi_cloudflare_proxy_fix-0.1.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "e98d8a0109ead2012a2c5f368c0fb170",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9,<4.0",
"size": 3892,
"upload_time": "2023-03-24T21:00:45",
"upload_time_iso_8601": "2023-03-24T21:00:45.327974Z",
"url": "https://files.pythonhosted.org/packages/fe/2b/edf1c3be586d26a152d7c36ad1281d3a974a0be07bc74b0a01c7be54c01b/wsgi_cloudflare_proxy_fix-0.1.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "6cb3fd2281a91ffe55a69e74aa4b71d031c238059800b3307a8f21184b13b00c",
"md5": "23fa889dae225ee7b6cb1eadfd542fa1",
"sha256": "4599087b5a0a7162e1a29a62235aedc35b2a95ada9c05f21fa67a2de41774daa"
},
"downloads": -1,
"filename": "wsgi_cloudflare_proxy_fix-0.1.2.tar.gz",
"has_sig": false,
"md5_digest": "23fa889dae225ee7b6cb1eadfd542fa1",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9,<4.0",
"size": 3156,
"upload_time": "2023-03-24T21:00:47",
"upload_time_iso_8601": "2023-03-24T21:00:47.029610Z",
"url": "https://files.pythonhosted.org/packages/6c/b3/fd2281a91ffe55a69e74aa4b71d031c238059800b3307a8f21184b13b00c/wsgi_cloudflare_proxy_fix-0.1.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-03-24 21:00:47",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "wolever",
"github_project": "wsgi-cloudflare-proxy-fix",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "wsgi-cloudflare-proxy-fix"
}
JSON
