Closed alfonsodg closed 10 years ago
From massimod...@gmail.com on August 13, 2009 08:29:35
You are correct but here is the problem: request.client stores http_x_forwarded_for if present, and this can be spoofed. So if web2py is not behind a proxy, the current solution is fine. If web2py is behind a proxy, one should use the proxy logs. In this way none of them can be spoofed.
Status: WontFix
From sherdim on August 13, 2009 09:16:41
OK, proxy logs are the best for such a deployment. I have just been disappointed with the LogAnal appliance. You should stress in the docs that such a tool is restricted in a proxy environment.
And anyway, can you say whether it will be a success if I change string #249 myself: environ['REMOTE_ADDR'], in appfactory (main.py)?
Is an app really slower if logging is on? How to switch it off?
I will search the group and repost these questions there.
From sherdim on August 12, 2009 06:41:46
web2py has a special procedure to reveal the original client IP for identification; it is set in request.client with the function get_client(),
but in httpserver.log only the plain remote_addr is logged. For a deployment scheme with a proxy from the main web server to WSGI on the same machine, the IP address is the same for ALL requests!
What is the expected output? What do you see instead?
Output from the sophisticated get_client() is expected!
What version of the product are you using? On what operating system?
1.65, windows not-binary, from sources
Thanks, Dmitry
Original issue: http://code.google.com/p/web2py/issues/detail?id=49
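An added example, not web2py code and not part of the original thread: one way to pick the address written to an access log so that X-Forwarded-For is honoured only when the connection itself comes from a known proxy. The names `client_ip_for_log` and `TRUSTED_PROXIES` are hypothetical, and the code assumes the proxy runs on the same machine and appends the connecting address to the header.

```python
import ipaddress

# Assumption: the reverse proxy runs on the same machine, as in the issue.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]


def _parse(value):
    """Return an ip_address object, or None for malformed input."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def client_ip_for_log(environ, trusted=TRUSTED_PROXIES):
    """Choose the client address to log from a WSGI environ (hypothetical helper)."""
    peer = _parse(environ.get("REMOTE_ADDR", ""))
    if peer is None:
        return "unknown"
    # Direct connection: the header is fully client-controlled, so ignore it.
    if not _is_trusted(peer, trusted):
        return str(peer)
    # Connection from a trusted proxy: walk the header right to left. The
    # rightmost entries were appended by proxies; everything to the left of
    # the first untrusted hop was supplied by the client and is not used.
    current = peer
    for raw in reversed(environ.get("HTTP_X_FORWARDED_FOR", "").split(",")):
        hop = _parse(raw)
        if hop is None:
            break  # malformed entry: keep the last verified hop
        current = hop
        if not _is_trusted(hop, trusted):
            break
    return str(current)


if __name__ == "__main__":
    # Constructed sample requests (documentation address ranges).
    samples = [
        {"REMOTE_ADDR": "203.0.113.7", "HTTP_X_FORWARDED_FOR": "10.0.0.1"},
        {"REMOTE_ADDR": "127.0.0.1",
         "HTTP_X_FORWARDED_FOR": "1.2.3.4, 198.51.100.23"},
    ]
    for env in samples:
        print(env, "->", client_ip_for_log(env))
```

The address returned is only as reliable as the trusted-proxy list; a proxy that passes a client-supplied header through unchanged makes the result spoofable again.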