Document why REMOTE_ADD may not be the user's IP address #1037
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Starefossen
force-pushed
the
remote-addr-disambiguation
branch
from
2a8e67b to
8e6b5dc
Compare
Starefossen
pushed a commit
to Starefossen/gunicorn
that referenced
this pull request
May 21, 2015
Gunicorn v19 removed functionality which updated `REMOTE_ADDR` to the value of the `X-Forwared-For` header if received from a trusted upstream client. This was a violation of RFC 3875 CGI Version 1.1, and was hence removed. Close: benoitc#1035 PR-URL: benoitc#1037 Related: benoitc#633 Signed-off-by: Hans Kristian Flaatten <hans.kristian.flaatten@turistforeningen.no>
Starefossen
changed the title
REMOTE_ADD may not be the user's IP
|
LGTM |
|
Maybe also add that |
|
@Starefossen good idea :) |
Starefossen
force-pushed
the
remote-addr-disambiguation
branch
from
8e6b5dc to
e0aad07
Compare
Starefossen
pushed a commit
to Starefossen/gunicorn
that referenced
this pull request
May 21, 2015
Gunicorn v19 removed functionality which updated `REMOTE_ADDR` to the value of the `X-Forwared-For` header if received from a trusted upstream client. This was a violation of RFC 3875 CGI Version 1.1, and was hence removed. Close: benoitc#1035 PR-URL: benoitc#1037 Related: benoitc#633 Signed-off-by: Hans Kristian Flaatten <hans.kristian.flaatten@turistforeningen.no>
|
Ok, I have now amended a paragraph to my original commit. |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| ... | ||
|
|
||
| It is also worth noticing that the ``REMOTE_ADDR`` will be completely empty if |
There was a problem hiding this comment.
"worth noting" would be the typical phrase, I think.
There was a problem hiding this comment.
Agreed, and fixed!
Starefossen
force-pushed
the
remote-addr-disambiguation
branch
from
e0aad07 to
7b6f8a2
Compare
Starefossen
pushed a commit
to Starefossen/gunicorn
that referenced
this pull request
May 21, 2015
Gunicorn v19 removed functionality which updated `REMOTE_ADDR` to the value of the `X-Forwared-For` header if received from a trusted upstream client. This was a violation of RFC 3875 CGI Version 1.1, and was hence removed. Close: benoitc#1035 PR-URL: benoitc#1037 Related: benoitc#633 Signed-off-by: Hans Kristian Flaatten <hans.kristian.flaatten@turistforeningen.no>
| ... | ||
|
|
||
| It is also worth noting that the ``REMOTE_ADDR`` will be completely empty if you | ||
| bind Gunicorn to a unix socket and not a tcp host:port touple. |
There was a problem hiding this comment.
That's what you get for not running spell check before pushing 😝 Fixed now.
|
I love documentation PRs!!! :) :) |
|
@tilgovi +1 :) |
|
@tilgovi :) |
Gunicorn v19 removed functionality which updated `REMOTE_ADDR` to the value of the `X-Forwared-For` header if received from a trusted upstream client. This was a violation of RFC 3875 CGI Version 1.1, and was hence removed. Close: benoitc#1035 PR-URL: benoitc#1037 Related: benoitc#633 Signed-off-by: Hans Kristian Flaatten <hans.kristian.flaatten@turistforeningen.no>
Starefossen
force-pushed
the
remote-addr-disambiguation
branch
from
7b6f8a2 to
85d857d
Compare
|
I'm just happy to be of any help. Thank you for making Gunicorn ❤️ |
berkerpeksag
added a commit
that referenced
this pull request
May 22, 2015
Document why REMOTE_ADD may not be the user's IP address
|
Thanks! |
berkerpeksag
pushed a commit
that referenced
this pull request
Nov 16, 2018
The doc change introduced in #1037 is initially helpful but then internally inconsistent. It correctly points out that X-Forwarded-For is no longer used in setting REMOTE_ADDR (c487368), but then confusingly indicates a solution using the X-Forwarded-For header. The deployment doc provides a full configuration example which includes proxy headers as set by nginx. What is missing, before this patch, is a clear suggestion on how to make use of the header in Gunicorn's access log. Accordingly, remove the confusing suggestion and replace it with a drop-in replacement for Gunicorn's default access log format.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR updates the Gunicorn deploy documentation on why
REMOTE_ADDRmay not always be the IP address of the user.Close: #1035
Related: #633
Signed-off-by: Hans Kristian Flaatten hans.kristian.flaatten@turistforeningen.no