| author | Josh Kearney <josh.kearney@rackspace.com> | 2010-12-23 11:11:18 -0600 |
|---|---|---|
| committer | Josh Kearney <josh.kearney@rackspace.com> | 2010-12-23 11:11:18 -0600 |
| commit | e232fe3015b6e80a595551e7e80614f3bc385255 (patch) | |
| tree | 7aaf0b8817d23b4acdbab2c54b7c9968ee98c0bd /nova/api | |
| parent | a7dd37cfa300284f19e9b85858dc4bdf7dafc99f (diff) | |
| parent | 0761ecb442bcae74513a77c9bf19d195c89860ed (diff) | |
Merged trunk
Diffstat (limited to 'nova/api')
| -rw-r--r-- | nova/api/ec2/__init__.py | 8 | ||||
| -rw-r--r-- | nova/api/ec2/metadatarequesthandler.py | 11 |
2 files changed, 16 insertions, 3 deletions
diff --git a/nova/api/ec2/__init__.py b/nova/api/ec2/__init__.py
index d1e2596c3..51d33bcc6 100644
--- a/nova/api/ec2/__init__.py
+++ b/nova/api/ec2/__init__.py
@@ -37,6 +37,9 @@ from nova.auth import manager
 FLAGS = flags.FLAGS
+flags.DEFINE_boolean('use_forwarded_for', False,
+ 'Treat X-Forwarded-For as the canonical remote address. '
+ 'Only enable this if you have a sanitizing proxy.')
 flags.DEFINE_boolean('use_lockout', False,
 'Whether or not to use lockout middleware.')
 flags.DEFINE_integer('lockout_attempts', 5,
@@ -144,9 +147,12 @@ class Authenticate(wsgi.Middleware):
 raise webob.exc.HTTPForbidden()
 # Authenticated!
+ remote_address = req.remote_addr
+ if FLAGS.use_forwarded_for:
+ remote_address = req.headers.get('X-Forwarded-For', remote_address)
 ctxt = context.RequestContext(user=user,
 project=project,
- remote_address=req.remote_addr)
+ remote_address=remote_address)
 req.environ['ec2.context'] = ctxt
 return self.application
diff --git a/nova/api/ec2/metadatarequesthandler.py b/nova/api/ec2/metadatarequesthandler.py
index 0e9e686ff..f832863a9 100644
--- a/nova/api/ec2/metadatarequesthandler.py
+++ b/nova/api/ec2/metadatarequesthandler.py
@@ -23,9 +23,13 @@ import logging
 import webob.dec
 import webob.exc
+from nova import flags
 from nova.api.ec2 import cloud
+FLAGS = flags.FLAGS
+
+
 class MetadataRequestHandler(object):
 """Serve metadata from the EC2 API."""
@@ -63,10 +67,13 @@ class MetadataRequestHandler(object):
 @webob.dec.wsgify
 def __call__(self, req):
 cc = cloud.CloudController()
- meta_data = cc.get_metadata(req.remote_addr)
+ remote_address = req.remote_addr
+ if FLAGS.use_forwarded_for:
+ remote_address = req.headers.get('X-Forwarded-For', remote_address)
+ meta_data = cc.get_metadata(remote_address)
 if meta_data is None:
 logging.error(_('Failed to get metadata for ip: %s') %
- req.remote_addr)
+ remote_address)
 raise webob.exc.HTTPNotFound()
 data = self.lookup(req.path_info, meta_data)
 if data is None: |
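Review bot: The X-Forwarded-For value is handed to RequestContext verbatim by the added `remote_address = req.headers.get('X-Forwarded-For', remote_address)` line in Authenticate, and the same three lines are repeated in MetadataRequestHandler.__call__ in the second file. When more than one proxy is in the path that header is normally a comma-separated list, so remote_address would no longer be a single address and anything that stores, logs or compares it would see the whole string. I would normalise it to the entry appended by the nearest proxy, e.g. `remote_address = req.headers.get('X-Forwarded-For', remote_address).split(',')[-1].strip()`, and put the logic in one shared helper so the two call sites cannot drift apart. The enclosing method of Authenticate starts outside the hunk.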
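Review bot: In `__call__`, `cc.get_metadata(remote_address)` now selects the metadata by a header the caller can set whenever use_forwarded_for is on, so correctness rests entirely on the proxy stripping or overwriting any inbound X-Forwarded-For. The handler could enforce part of that itself by honouring the header only when `req.remote_addr` is the configured proxy address; that would need a new option, as none is visible in this change. For incident review the failure path should record both values, e.g. `logging.error(_('Failed to get metadata for ip: %s (peer: %s)') % (remote_address, req.remote_addr))`. `__call__` continues past the end of the hunk.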
