Closed DylannCordel closed 8 years ago
lampslave
commented
8 years ago I think HTTP_X_FORWARDED_FOR can be used only as additional information and can't replace REMOTE_ADDR. Compromise way: check if django-ipware is installed and then use it, otherwise use REMOTE_ADDR.
DylannCordel
commented
8 years ago @lampslave there is some cases you will always have the same IP for all users if you store REMOTE_ADDR:
Web (IP x.x.x.x) -> ServerSide Proxy as frontend server (IP 1.1.1.1) -> Real Server (IP 2.2.2.2)
In the other hand, this is specific to the way the website is hosted, and should be managed for the entiere django project, not only for pybbm. In this case, devs should add their own middleware to overwrite REMOTE_ADDR with HTTP_X_FORWARDED_FOR if the original REMOTE_ADDR is their own server-side proxy's IP.
To resume, I think my PR is a bad idea :wink:. Sorry for noise.
If used proxy doesn't use standard code (HTTP_X_FORWARDED_FOR), the "problem" is still there but I think this is enough. Else, we could use django-ipware for exemple.