Whitelist Ip

Hello, i am trying to whitelist my namecheap server in my django app. Lets say my namecheap server is '123.456.789.2'. I have described a class below to make sure the ip of the client server matches the name cheap server but i am getting a different ip, lets say 193.432.53.240. How can i solve this

class IpMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        client_ip = request.META.get('HTTP_X_REAL_IP')

        if client_ip not in settings.ALLOWED_IPS:
            return HttpResponseForbidden("Access Denied")

        response = self.get_response(request)
        return response

[edit by admin: formatting]

Could you give some more details? A whitelist like the one you describe would affect incoming connections from browsers or other computers that are trying to access pages or other endpoints on your website. Are you expecting Namecheap's servers to make requests to your site? If so, how are you getting the IP addresses that you would expect them to use? Remember that the IPs you might use to access Namecheap might be very different to the ones that they might use to make requests to your site.

I have a react project hosted on namecheap and the react calls endpoints from my django app hosted here, on PythonAnywhere. I am trying to do it in such a way that it is only requests coming from the react hosted on namecheap that can get responses from my endpoints

React app is normally running in the browser of the client, not on a server, so requests to backend are coming from ip of the client.

Ohh thanks

Hope that you made it work!

Hi, somewhat similar issue here. I have a list of allowable IP addresses from a payment provider that I need to confirm in my callbacks as clients make payments to my flask site. How can I confirm the requests from the provider to my callbacks are only coming from the list?

If I understand your question correctly, you should just get the IP from the webhook from your provider and compare it with the IP list. (Someone could still spoof the IP via HTTP headers, though.)