XForwardedFiltered

class gafaelfawr.x_forwarded.XForwardedFiltered(trusted: Sequence[_BaseNetwork])

Bases: aiohttp_remotes.x_forwarded.XForwardedBase

Middleware to update the request based on X-Forwarded-For.

The semantics we want aren’t supported by either of the aiohttp_remotes middleware classes, so we implement our own. This is similar to XForwardedRelaxed except that it takes the rightmost IP address that is not contained within one of the trusted networks.

Parameters:trusted (Sequence[Union[ipaddress.IPv4Network, ipaddress.IPv6Network]]) – List of trusted networks that should be skipped over when finding the actual client IP address.

Methods Summary

get_forwarded_for(headers)
get_forwarded_host(headers)
get_forwarded_proto(headers) Get X-Forwarded-Proto values.
middleware(request, handler) Replace request information with details from proxy.
raise_error(request)
setup(app)

Methods Documentation

get_forwarded_for(headers)
get_forwarded_host(headers)
get_forwarded_proto(headers: CIMultiDictProxy) → List[str]

Get X-Forwarded-Proto values.

This replaces the base class version to remove the exception when multiple X-Forwarded-Proto headers are present. This is a workaround for a bug in version 1.39.1 of the Kubernetes NGINX ingress. See https://github.com/kubernetes/ingress-nginx/issues/5670.

Parameters:headers (multidict.CIMultiDictProxy) – The headers of the request.
Returns:forwarded_proto – A list of schemes from the X-Forwarded-Proto header.
Return type:List[str]
middleware(request: web.Request, handler: Handler) → web.StreamResponse

Replace request information with details from proxy.

Honor X-Forwarded-For and related headers.

Parameters:
Returns:

response – The response with a new logger key attached to it.
Return type:

aiohttp.web.StreamResponse

Notes

The remote IP address will be replaced with the right-most IP address in X-Forwarded-For that is not contained within one of the trusted networks. The last entry of X-Forwarded-Proto and the contents of X-Forwarded-Host will be used unconditionally if they are present and X-Forwarded-For is also present.

raise_error(request)
setup(app)