"ip" condition should match against user's real ip

disqus / gargoyle

Feature switches in Django

http://engineering.disqus.com

Apache License 2.0

746 stars 112 forks source link

"ip" condition should match against user's real ip #89

Closed maroux closed 9 years ago

maroux commented 9 years ago

User's real ip is present in HTTP_X_FORWARDED_FOR, if they are behind a proxy or a reverse proxy.

mattrobenolt commented 9 years ago

This is not something that gargoyle should handle and can be done insecurely. Either a middleware should be rewriting that into REMOTE_ADDR, or your proxy should do it, such as nginx with the real_ip module.