Wrong IP-address in werkzeug's log messages when in proxy mode

Bug #1168243 reported by Daniel Hammerschmidt on 2013-04-12
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Odoo Server (MOVED TO GITHUB)
New
Undecided
Unassigned

Bug Description

If OpenERP 7.0 runs behind a proxy in the log messages the IP-address of the proxy server is reported.

One could say this is correct since each request to OpenERP comes from the proxy. But, in this case the log is not very helpful.

I made a branch where at the beginning of wsgi_server.py (right after the imports) a new address_string()-method is injected in the class werkzeug.serving.WSGIRequestHandler.

_handler_clazz = werkzeug.serving.WSGIRequestHandler
_handler_clazz.address_string = type(_handler_clazz.address_string)(lambda self: self.headers.dict['x-forwarded-for']
                                                                                 if config['proxy_mode'] and 'x-forwarded-for' in self.headers.dict
                                                                                 else self.client_address[0],
                                                                    None,
                                                                    _handler_clazz)

Now, I can see where the request to the proxy came from.

Probably it would look more clearly if we subclass WSGIRequestHandler and tell Werkzeug to use this subclass, but it works and needs only 2 (6) lines of code.

Sergej Nikolaev (kinolaev) wrote :

Hello! Big thank for you solution and I found how make it with only one line in wsgi_server.py:

def application(environ, start_response):
    if config['proxy_mode'] and 'HTTP_X_FORWARDED_HOST' in environ:
+ werkzeug.serving.WSGIRequestHandler.address_string = lambda self: self.headers.get('x-real-ip', self.client_address[0])
        return werkzeug.contrib.fixers.ProxyFix(application_unproxied)(environ, start_response)
    else:
        return application_unproxied(environ, start_response)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers