Forums

How do you set X_REAL_IP?

The value in question is the one available as request.META.get('HTTP_X_REAL_IP') (Django).

Can I be sure that the HTTP or HTTPS request was sent from this address, or that value can tampered with by an adversary?

For instance, do you set it from IP datagram Source Address field, or from any other source?

Background: I would like to process POST request only from IPs of x.y.z.0-255. So if I could reliably filter by client IP, it would be great.

deleted-user-1506499 | 9 posts | March 16, 2018, 8:14 p.m. | permalink

It is set by the network stack by looking at the source IP of the IP packet. You don't "set" it.

If you want to filter on client IP, you just need to look at it - http://help.pythonanywhere.com/pages/WebAppClientIPAddresses/

Staff glenn | 9718 posts | PythonAnywhere staff | March 17, 2018, 11:18 a.m. | permalink