ClientIP always Loopback?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

ClientIP always Loopback?

Andrew Gartland
Hi,
I'm new to the list though I've been using pyamf for a little while
now. It has been extremely satisfying working with this module, the
way i can pass complicated data structures back and forth to my flex
apps so seamlessly!

I have a question though. I'm trying to track the clients that are
making requests to my TwistedGateway. I am trying to do this by
exposing the request to the function in the twisted service instance
(using @expose_request decorator). The request object has a
getClientIP() method that always returns "127.0.0.1". Is this some
kind of security feature that Flash has built-in so as to mask the
source of the request or is this because the request is somehow
getting passed through the gateway via another server that is altering
the request headers? Any ideas how I can work around this? Thank you!

Andrew
_______________________________________________
PyAMF users mailing list - [hidden email]
http://lists.pyamf.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: ClientIP always Loopback?

Nick Joyce
On 7 Jul 2010, at 08:47, Andrew Gartland wrote:

> Hi,
> I'm new to the list though I've been using pyamf for a little while
> now. It has been extremely satisfying working with this module, the
> way i can pass complicated data structures back and forth to my flex
> apps so seamlessly!
>
> I have a question though. I'm trying to track the clients that are
> making requests to my TwistedGateway. I am trying to do this by
> exposing the request to the function in the twisted service instance
> (using @expose_request decorator). The request object has a
> getClientIP() method that always returns "127.0.0.1". Is this some
> kind of security feature that Flash has built-in so as to mask the
> source of the request or is this because the request is somehow
> getting passed through the gateway via another server that is altering
> the request headers? Any ideas how I can work around this? Thank you!

We use getClientIP in the Twisted example page: http://pyamf.org/tutorials/gateways/twisted.html

Only thing that springs to mind is if the TwistedGateway sitting behind some reverse proxy which is connected via loopback? If thats the case then inspect the X-Forwarded-For http header.

Cheers,

Nick
_______________________________________________
PyAMF users mailing list - [hidden email]
http://lists.pyamf.org/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: ClientIP always Loopback?

Andrew Gartland
Thanks for the tip! Indeed the ip address was in the "x-forwarded-for"
header. -Andrew

On Tue, Jul 6, 2010 at 5:59 PM, Nick Joyce <[hidden email]> wrote:

> On 7 Jul 2010, at 08:47, Andrew Gartland wrote:
>
>> Hi,
>> I'm new to the list though I've been using pyamf for a little while
>> now. It has been extremely satisfying working with this module, the
>> way i can pass complicated data structures back and forth to my flex
>> apps so seamlessly!
>>
>> I have a question though. I'm trying to track the clients that are
>> making requests to my TwistedGateway. I am trying to do this by
>> exposing the request to the function in the twisted service instance
>> (using @expose_request decorator). The request object has a
>> getClientIP() method that always returns "127.0.0.1". Is this some
>> kind of security feature that Flash has built-in so as to mask the
>> source of the request or is this because the request is somehow
>> getting passed through the gateway via another server that is altering
>> the request headers? Any ideas how I can work around this? Thank you!
>
> We use getClientIP in the Twisted example page: http://pyamf.org/tutorials/gateways/twisted.html
>
> Only thing that springs to mind is if the TwistedGateway sitting behind some reverse proxy which is connected via loopback? If thats the case then inspect the X-Forwarded-For http header.
>
> Cheers,
>
> Nick
> _______________________________________________
> PyAMF users mailing list - [hidden email]
> http://lists.pyamf.org/mailman/listinfo/users
>
_______________________________________________
PyAMF users mailing list - [hidden email]
http://lists.pyamf.org/mailman/listinfo/users