-rw-r--r-- | oslo_middleware/http_proxy_to_wsgi.py | 8 | ||||
-rw-r--r-- | oslo_middleware/tests/test_http_proxy_to_wsgi.py | 23 |
2 files changed, 31 insertions, 0 deletions
diff --git a/oslo_middleware/http_proxy_to_wsgi.py b/oslo_middleware/http_proxy_to_wsgi.py index 84bc32b..4d68bcf 100644 --- a/oslo_middleware/http_proxy_to_wsgi.py +++ b/oslo_middleware/http_proxy_to_wsgi.py @@ -71,6 +71,10 @@ class HTTPProxyToWSGI(base.ConfigurableMiddleware): if forwarded_host: req.environ['HTTP_HOST'] = forwarded_host + forwarded_for = proxy.get("for") + if forwarded_for: + req.environ['REMOTE_ADDR'] = forwarded_for + else: # World before RFC7239 forwarded_proto = req.environ.get("HTTP_X_FORWARDED_PROTO") @@ -81,6 +85,10 @@ class HTTPProxyToWSGI(base.ConfigurableMiddleware): if forwarded_host: req.environ['HTTP_HOST'] = forwarded_host + forwarded_for = req.environ.get("HTTP_X_FORWARDED_FOR") + if forwarded_for: + req.environ['REMOTE_ADDR'] = forwarded_for + v = req.environ.get("HTTP_X_FORWARDED_PREFIX") if v: req.environ['SCRIPT_NAME'] = v + req.environ['SCRIPT_NAME'] diff --git a/oslo_middleware/tests/test_http_proxy_to_wsgi.py b/oslo_middleware/tests/test_http_proxy_to_wsgi.py index 26baa77..1554ece 100644 --- a/oslo_middleware/tests/test_http_proxy_to_wsgi.py +++ b/oslo_middleware/tests/test_http_proxy_to_wsgi.py 
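Review bot: The value written to `req.environ['REMOTE_ADDR']` comes from a request header the client can set (`proxy.get("for")` here, `HTTP_X_FORWARDED_FOR` in the second hunk of this file), so unless every request passes a proxy that overwrites those headers, the caller picks the address that access logs, rate limits and IP-based policy will see. The original peer address is also overwritten with no copy kept, which discards the one value that was observed on the socket rather than claimed. I would preserve it first, for example `req.environ.setdefault('<ORIG_REMOTE_ADDR_KEY>', req.environ.get('REMOTE_ADDR'))` (the key name is a placeholder), and add a comment such as `# REMOTE_ADDR becomes client-influenced; deploy only behind a proxy that rewrites Forwarded/X-Forwarded-For`. RFC 7239 also allows `for` to be a quoted IPv6 literal with a port or an obfuscated token such as `unknown`; how `proxy` is parsed, and whether an enable switch gates this branch, is outside the hunk.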
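Review bot: `X-Forwarded-For` normally carries a comma-separated chain, and the added `req.environ['REMOTE_ADDR'] = forwarded_for` stores the whole string, so downstream code expecting one IP literal gets `client, proxy1, proxy2`, and the leftmost entries are whatever the client sent. Select a single hop deliberately and validate it before assigning, e.g. `addr = forwarded_for.split(',')[-1].strip()` followed by `ipaddress.ip_address(addr)`, skipping the assignment on `ValueError`; the rightmost entry is the one appended by the nearest proxy. The enclosing method starts and ends outside the hunk, and `ipaddress` would need importing at the top of the file.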
@@ -103,6 +103,29 @@ class TestHTTPProxyToWSGI(test_base.BaseTestCase): response = self.request.get_response(self.middleware) self.assertEqual(b"https://example.com:8043/bla", response.body) + def test_forwarded_for_headers(self): + @webob.dec.wsgify() + def fake_app(req): + return req.environ['REMOTE_ADDR'] + + self.middleware = http_proxy_to_wsgi.HTTPProxyToWSGIMiddleware( + fake_app) + forwarded_for_addr = '1.2.3.4' + forwarded_addr = '8.8.8.8' + + # If both X-Forwarded-For and Fowarded headers are present, it should + # use the Forwarded header and ignore the X-Forwarded-For header. + self.request.headers['Forwarded'] = ( + "for=%s;proto=https;host=example.com:8043" % (forwarded_addr)) + self.request.headers['X-Forwarded-For'] = forwarded_for_addr + response = self.request.get_response(self.middleware) + self.assertEqual(forwarded_addr.encode(), response.body) + + # Now if only X-Forwarded-For header is present, it should be used. + del self.request.headers['Forwarded'] + response = self.request.get_response(self.middleware) + self.assertEqual(forwarded_for_addr.encode(), response.body) + class TestHTTPProxyToWSGIDisabled(test_base.BaseTestCase): |
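Review bot: `test_forwarded_for_headers` exercises only a single well-formed IPv4 value per header, so the inputs that matter for a REMOTE_ADDR rewrite are untested: a multi-hop `X-Forwarded-For` such as `'1.2.3.4, 10.0.0.1'`, a `Forwarded` element like `for="[2001:db8::1]:4711"`, and a non-address token such as `for=unknown`. There is also no case in `TestHTTPProxyToWSGIDisabled` (its body is outside the hunk) asserting that REMOTE_ADDR is left untouched when the same headers are sent with parsing turned off, which is the regression most worth pinning. In the comment, `Fowarded` should read `Forwarded`.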