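A Django application to retrieve the user's IP address
Project description
Django IPware
A Django application to retrieve the client's IP address
Alternative package
If you prefer a pure-Python version that does not integrate directly with Django but offers more flexibility and advanced features, you can use the python-ipware package. Starting with version 6.0.0, django-ipware is a wrapper around python-ipware.
Overview
A best attempt to get the client's IP address while keeping it DRY.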
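Notice
There is no perfect out-of-the-box solution against fake IP addresses, also known as IP address spoofing. You are encouraged to read the (Advanced users) section of this page and use the trusted_proxies_ips and/or proxy_count features to match your needs, especially if you plan to include ipware in any authentication, security or anti-fraud related architecture.
This is an open source project, with the source code visible to all. Therefore, it may be exploited through unimplemented or improperly implemented features.
Please use ipware ONLY as a complement to your firewall security measures!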
How to install
1. easy_install django-ipware
2. pip install django-ipware
3. git clone http://github.com/un33k/django-ipware
    a. cd django-ipware
    b. run python setup.py install
4. wget https://github.com/un33k/django-ipware/zipball/master
    a. unzip the downloaded file
    b. cd into django-ipware-* directory
    c. run python setup.py install
How to use

# In a view or a middleware where the `request` object is available
from ipware import get_client_ip

client_ip, is_routable = get_client_ip(request)
if client_ip is None:
    # Unable to get the client's IP address
    pass
else:
    # We got the client's IP address
    if is_routable:
        # The client's IP address is publicly routable on the Internet
        pass
    else:
        # The client's IP address is private
        pass

Advanced users
Precedence Order
The default meta precedence order is top to bottom. You can customize the order by adding your own IPWARE_META_PRECEDENCE_ORDER to your project's settings.py.

# The default meta precedence order (update as needed)
IPWARE_META_PRECEDENCE_ORDER = (
    "X_FORWARDED_FOR",  # Load balancers or proxies such as AWS ELB (default client is `left-most` [`<client>, <proxy1>, <proxy2>`])
    "HTTP_X_FORWARDED_FOR",  # Similar to X_FORWARDED_TO
    "HTTP_CLIENT_IP",  # Standard headers used by providers such as Amazon EC2, Heroku etc.
    "HTTP_X_REAL_IP",  # Standard headers used by providers such as Amazon EC2, Heroku etc.
    "HTTP_X_FORWARDED",  # Squid and others
    "HTTP_X_CLUSTER_CLIENT_IP",  # Rackspace LB and Riverbed Stingray
    "HTTP_FORWARDED_FOR",  # RFC 7239
    "HTTP_FORWARDED",  # RFC 7239
    "HTTP_CF_CONNECTING_IP",  # CloudFlare
    "X-CLIENT-IP",  # Microsoft Azure
    "X-REAL-IP",  # NGINX
    "X-CLUSTER-CLIENT-IP",  # Rackspace Cloud Load Balancers
    "X_FORWARDED",  # Squid
    "FORWARDED_FOR",  # RFC 7239
    "CF-CONNECTING-IP",  # CloudFlare
    "TRUE-CLIENT-IP",  # CloudFlare Enterprise,
    "FASTLY-CLIENT-IP",  # Firebase, Fastly
    "FORWARDED",  # RFC 7239
    "CLIENT-IP",  # Akamai and Cloudflare: True-Client-IP and Fastly: Fastly-Client-IP
    "REMOTE_ADDR",  # Default
)

Alternatively, you can provide your own request header meta precedence order when calling get_client_ip().

get_client_ip(request, request_header_order=['X_FORWARDED_FOR'])
get_client_ip(request, request_header_order=['X_FORWARDED_FOR', 'HTTP_X_FORWARDED_FOR'])
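
Proxy Count
The default meta proxy count is 0 unless it is explicitly provided as an argument when calling get_client_ip(). You can customize it by adding your own IPWARE_META_PROXY_COUNT to your project's settings.py.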
Trusted Proxies
If your Django server is behind one or more known proxy servers, you can filter out unwanted requests by providing the list of trusted proxies when calling get_client_ip(request, proxy_trusted_ips=['177.139.233.133']). In the following example, your load balancer (LB) can be seen as a trusted proxy.

`Real` Client <public> <---> <public> LB (Server) <private> <--------> <private> Django Server
                                                                 ^
                                                                 |
`Fake` Client <private> <---> <private> LB (Server) <private> ---^

# In the above scenario, use your load balancer IP address as a way to filter out unwanted requests.
client_ip, is_routable = get_client_ip(request, proxy_trusted_ips=['177.139.233.133'])
# If you have multiple proxies, simply add them to the list
client_ip, is_routable = get_client_ip(request, proxy_trusted_ips=['177.139.233.133', '177.139.233.134'])
# For proxy servers with fixed sub-domain and dynamic IP, use the following pattern.
client_ip, is_routable = get_client_ip(request, proxy_trusted_ips=['177.139.', '177.140'])
client_ip, is_routable = get_client_ip(request, proxy_trusted_ips=['177.139.233.', '177.139.240'])
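
Please note:
By default, the right-most proxy in the chain is the trusted proxy, that is, the one your Django server talks to. Therefore, ipware checks whether the right-most proxy address starts with any of the IP patterns passed in via the proxy_trusted_ips list.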
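Proxy Count
If your Django server is behind a known number of proxy servers, you can filter out unwanted requests by providing the number of proxies when calling get_client_ip(request, proxy_count=1). In the following example, your load balancer (LB) can be seen as the only proxy.

`Real` Client <public> <---> <public> LB (Server) <private> <--------> <private> Django Server
                                                                 ^
                                                                 |
                                      `Fake` Client <private> ---^
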
# In the above scenario, the total number of proxies can be used as a way to filter out unwanted requests.
client_ip, is_routable = get_client_ip(request, proxy_count=1)
# The above may be very useful in cases where your proxy server's IP address is assigned dynamically.
# However, if you have the proxy IP address, you can use it in combination with the proxy count.
client_ip, is_routable = get_client_ip(request, proxy_count=1, proxy_trusted_ips=['177.139.233.133'])
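
The Trusted Proxies and Proxy Count filters above, modelled in plain Python as an added example (not django-ipware's own code). `parse_chain`, `client_ip` and the sample header values are constructed for illustration, and the exact-match rule for the proxy count is an assumption.

```python
import ipaddress

def parse_chain(header_value):
    """Split '<client>, <proxy1>, ...' into IP strings; [] if any entry is invalid."""
    chain = []
    for part in header_value.split(","):
        try:
            chain.append(str(ipaddress.ip_address(part.strip())))
        except ValueError:
            return []
    return chain

def client_ip(header_value, proxy_count=None, proxy_trusted_ips=()):
    """Return the left-most address, or None when the chain fails a check."""
    chain = parse_chain(header_value)
    if not chain:
        return None
    proxies = chain[1:]
    # Assumption: the number of proxies must match proxy_count exactly.
    if proxy_count is not None and len(proxies) != proxy_count:
        return None
    if proxy_trusted_ips:
        # The right-most entry is the proxy the Django server talks to;
        # it must start with one of the trusted patterns (string prefix).
        if not proxies or not proxies[-1].startswith(tuple(proxy_trusted_ips)):
            return None
    return chain[0]

# Constructed sample header values; only 177.139.233.133 comes from the text above.
SAMPLES = {
    "via_lb": "198.51.100.23, 177.139.233.133",   # client -> LB -> Django
    "no_proxy": "198.51.100.23",                  # reached Django without the LB
    "untrusted_hop": "198.51.100.23, 10.0.0.8",   # one hop, but not the LB
    "extra_entry": "192.0.2.1, 198.51.100.23, 177.139.233.133",  # longer than expected
}

if __name__ == "__main__":
    lb = ["177.139.233.133"]
    for name, value in SAMPLES.items():
        print(name,
              client_ip(value, proxy_count=1),
              client_ip(value, proxy_trusted_ips=lb),
              client_ip(value, proxy_count=1, proxy_trusted_ips=lb))
    # A pattern without a trailing dot is a plain string prefix:
    # "177.139.23" matches 177.139.23.x and also 177.139.230-239.x.
    print(client_ip(SAMPLES["via_lb"], proxy_trusted_ips=["177.139.23"]))
```

Each filter on its own lets one of the constructed chains through (the count accepts `untrusted_hop`, the trusted list accepts `extra_entry` and returns its unverified left-most entry); only the combination rejects everything except `via_lb`.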
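Originating Request
If your proxy server is configured so that the right-most IP address is that of the originating client, you can specify right-most as your proxy_order when calling get_client_ip(request, proxy_order="right-most"). Please note that the de facto standard position for the originating client IP address is the left-most, as in <client>, <proxy1>, <proxy2>.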
Running the tests
To run the tests against the current environment:
python manage.py test
License
Released under the MIT license.
Version
X.Y.Z Version
`MAJOR` version -- when you make incompatible API changes,
`MINOR` version -- when you add functionality in a backwards-compatible manner, and
`PATCH` version -- when you make backwards-compatible bug fixes.