Merge pull request #426 from mpaolini/marco_develop

allow bypassing of forwarded_allow_ips check
2026-01-14 11:09:11 +08:00 · 2012-10-26 12:45:21 -07:00 · 2012-10-26 12:45:21 -07:00 · af473a8b43
commit af473a8b43
parent 20bae2ee0f 7079fa033c
2 changed files with 6 additions and 1 deletions
--- a/gunicorn/config.py
+++ b/gunicorn/config.py
@ -706,6 +706,10 @@ class ForwardedAllowIPS(Setting):
    desc = """\
        Front-end's IPs from which allowed to handle X-Forwarded-* headers.
        (comma separate).
+
+        Set to "*" to disable checking of Front-end IPs (useful for setups
+        where you don't know in advance the IP address of Front-end, but
+        you still trust the environment)
        """

 class AccessLog(Setting):
--- a/gunicorn/http/wsgi.py
+++ b/gunicorn/http/wsgi.py
@ -85,7 +85,8 @@ def create(req, sock, client, server, cfg):

    secure_headers = cfg.secure_scheme_headers
    x_forwarded_for_header = cfg.x_forwarded_for_header
-    if client and client[0] not in cfg.forwarded_allow_ips:
+    if '*' not in cfg.forwarded_allow_ips and client\
+            and client[0] not in cfg.forwarded_allow_ips:
        x_forwarded_for_header = None
        secure_headers = {}