jingrow/gunicorn
1
0
Fork 0
mirror of https://github.com/frappe/gunicorn.git synced 2026-01-14 11:09:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1037 from Starefossen/remote-addr-disambiguation

Browse Source 
Document why REMOTE_ADD may not be the user's IP address
This commit is contained in:
Berker Peksag 2015-05-22 05:01:21 +03:00
commit e6cf15ce78
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docs/source/deploy.rst
View File

@ -111,6 +111,21 @@ Gunicorn may come from untrusted proxies or directly from clients since the
application may be tricked into serving SSL-only content over an insecure application may be tricked into serving SSL-only content over an insecure
connection. connection.
Gunicorn v19 introduced a breaking change concerning how ``REMOTE_ADDR`` is
handled. Previous to Gunicorn v19 this was set to the value of
``X-Forwarded-For`` if recieved from a trusted proxy. However, this was not in
compliance with `RFC 3875 CGI Version 1.1 <http://www.ietf.org/rfc/rfc3875>`_
which is why the ``REMOTE_ADDR`` is now the IP address of **the proxy** and
**not the actual user**. You should instead configure Nginx to send the user's
IP address through the ``X-Forwarded-For`` header like this::
...
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
...
It is also worth noting that the ``REMOTE_ADDR`` will be completely empty if you
bind Gunicorn to a unix socket and not a tcp host:port tuple.
Using Virtualenv Using Virtualenv
================ ================