Django ALLOWED_HOSTS IP 范围
Django ALLOWED_HOSTS IPs range
有没有办法在 django 中设置 ALLOWED_HOSTS 个 IP 范围?
像这样:
ALLOWED_HOSTS = ['172.17.*.*']
不,这目前不可能。根据the docs,支持以下语法:
['www.example.com'] # Fully qualified domain
['.example.com'] # Subdomain wildcard, matches example.com and www.example.com
['*'] # Matches anything
如果查看 validate_host 方法的实现,您会发现允许单独使用 '*',但使用 * 作为字符串的一部分作为通配符(例如 '172.17.*.*')不受支持。
我找到了过滤 IP 范围的解决方案:
使用这种方法,我们可以通过任何方式过滤 IP(f.e。使用正则表达式)。
from django.http import HttpResponseForbidden
class FilterHostMiddleware(object):
def process_request(self, request):
allowed_hosts = ['127.0.0.1', 'localhost'] # specify complete host names here
host = request.META.get('HTTP_HOST')
if host[len(host)-10:] == 'dyndns.org': # if the host ends with dyndns.org then add to the allowed hosts
allowed_hosts.append(host)
elif host[:7] == '192.168': # if the host starts with 192.168 then add to the allowed hosts
allowed_hosts.append(host)
if host not in allowed_hosts:
raise HttpResponseForbidden
return None
感谢@Zorgmorduk
我在 Django 上发布了一张票,但我看到这可以通过执行以下操作来实现
from socket import gethostname, gethostbyname
ALLOWED_HOSTS = [ gethostname(), gethostbyname(gethostname()), ]
更新。如果您使用的是 docker,则以下代码更好,因为 gethostbyname 无法获得正确的信息。
from socket import gethostname, gethostbyname, gethostbyname_ex
ALLOWED_HOSTS = [ gethostname(), ] + list(set(gethostbyname_ex(gethostname())[2]))
它被转换成集合的原因是 gethostbyname_ex 可以 return 重复。
django 网站上的票证 link 是。
这是一个快速但肮脏的解决方案。
ALLOWED_HOSTS += ['172.17.{}.{}'.format(i,j) for i in range(256) for j in range(256)]
Mozilla 已经发布了一个名为 django-allow-cidr 的 Python 包,旨在解决这个问题。
announcement blog post 解释说它对于没有 Host header 并且只使用 IP 地址的健康检查等事情很有用。
您必须稍微更改您的 IP 地址 '172.17.*.*' 才能成为 CIDR range,例如 172.17.0.0/16
如果我们研究一下 Django 如何验证主机,我们就能深入了解如何制作更灵活的 ALLOWED_HOSTS 条目:
def validate_host(host, allowed_hosts):
"""
Validate the given host for this site.
Check that the host looks valid and matches a host or host pattern in the
given list of ``allowed_hosts``. Any pattern beginning with a period
matches a domain and all its subdomains (e.g. ``.example.com`` matches
``example.com`` and any subdomain), ``*`` matches anything, and anything
else must match exactly.
Note: This function assumes that the given host is lowercased and has
already had the port, if any, stripped off.
Return ``True`` for a valid host, ``False`` otherwise.
"""
return any(pattern == '*' or is_same_domain(host, pattern) for pattern in allowed_hosts)
. . .
def is_same_domain(host, pattern):
"""
Return ``True`` if the host is either an exact match or a match
to the wildcard pattern.
Any pattern beginning with a period matches a domain and all of its
subdomains. (e.g. ``.example.com`` matches ``example.com`` and
``foo.example.com``). Anything else is an exact string match.
"""
if not pattern:
return False
pattern = pattern.lower()
return (
pattern[0] == '.' and (host.endswith(pattern) or host == pattern[1:]) or
pattern == host
)
这是一个可以通过此验证的 RegexHost 实用程序。
class RegexHost(str):
def lower(self):
return self
def __init__(self, pattern):
super().__init__()
self.regex = re.compile(pattern)
def __eq__(self, other):
# override the equality operation to use regex matching
# instead of str.__eq__(self, other)
return self.regex.match(other)
可以这样使用:
# this matches '172.17.*.*' and also many impossible IPs
host = RegexHost(r'172\.17\.[0-9]{1,3}\.[0-9]{1,3}')
# Un-comment the below assertions to prove to yourself that this host
# validation works. Do not leave these assertions active in
# production code for startup performance considerations.
# assert all(host == f'172.17.{i}.{j}' for i in range(256) for j in range(256))
# assert not any(host == f'172.18.{i}.{j}' for i in range(256) for j in range(256))
ALLOWED_HOSTS = [host]
有没有办法在 django 中设置 ALLOWED_HOSTS 个 IP 范围?
像这样:
ALLOWED_HOSTS = ['172.17.*.*']
不,这目前不可能。根据the docs,支持以下语法:
['www.example.com'] # Fully qualified domain
['.example.com'] # Subdomain wildcard, matches example.com and www.example.com
['*'] # Matches anything
如果查看 validate_host 方法的实现,您会发现允许单独使用 '*',但使用 * 作为字符串的一部分作为通配符(例如 '172.17.*.*')不受支持。
我找到了过滤 IP 范围的解决方案:
使用这种方法,我们可以通过任何方式过滤 IP(f.e。使用正则表达式)。
from django.http import HttpResponseForbidden
class FilterHostMiddleware(object):
def process_request(self, request):
allowed_hosts = ['127.0.0.1', 'localhost'] # specify complete host names here
host = request.META.get('HTTP_HOST')
if host[len(host)-10:] == 'dyndns.org': # if the host ends with dyndns.org then add to the allowed hosts
allowed_hosts.append(host)
elif host[:7] == '192.168': # if the host starts with 192.168 then add to the allowed hosts
allowed_hosts.append(host)
if host not in allowed_hosts:
raise HttpResponseForbidden
return None
感谢@Zorgmorduk
我在 Django 上发布了一张票,但我看到这可以通过执行以下操作来实现
from socket import gethostname, gethostbyname
ALLOWED_HOSTS = [ gethostname(), gethostbyname(gethostname()), ]
更新。如果您使用的是 docker,则以下代码更好,因为 gethostbyname 无法获得正确的信息。
from socket import gethostname, gethostbyname, gethostbyname_ex
ALLOWED_HOSTS = [ gethostname(), ] + list(set(gethostbyname_ex(gethostname())[2]))
它被转换成集合的原因是 gethostbyname_ex 可以 return 重复。
django 网站上的票证 link 是。
这是一个快速但肮脏的解决方案。
ALLOWED_HOSTS += ['172.17.{}.{}'.format(i,j) for i in range(256) for j in range(256)]
Mozilla 已经发布了一个名为 django-allow-cidr 的 Python 包,旨在解决这个问题。
announcement blog post 解释说它对于没有 Host header 并且只使用 IP 地址的健康检查等事情很有用。
您必须稍微更改您的 IP 地址 '172.17.*.*' 才能成为 CIDR range,例如 172.17.0.0/16
如果我们研究一下 Django 如何验证主机,我们就能深入了解如何制作更灵活的 ALLOWED_HOSTS 条目:
def validate_host(host, allowed_hosts):
"""
Validate the given host for this site.
Check that the host looks valid and matches a host or host pattern in the
given list of ``allowed_hosts``. Any pattern beginning with a period
matches a domain and all its subdomains (e.g. ``.example.com`` matches
``example.com`` and any subdomain), ``*`` matches anything, and anything
else must match exactly.
Note: This function assumes that the given host is lowercased and has
already had the port, if any, stripped off.
Return ``True`` for a valid host, ``False`` otherwise.
"""
return any(pattern == '*' or is_same_domain(host, pattern) for pattern in allowed_hosts)
. . .
def is_same_domain(host, pattern):
"""
Return ``True`` if the host is either an exact match or a match
to the wildcard pattern.
Any pattern beginning with a period matches a domain and all of its
subdomains. (e.g. ``.example.com`` matches ``example.com`` and
``foo.example.com``). Anything else is an exact string match.
"""
if not pattern:
return False
pattern = pattern.lower()
return (
pattern[0] == '.' and (host.endswith(pattern) or host == pattern[1:]) or
pattern == host
)
这是一个可以通过此验证的 RegexHost 实用程序。
class RegexHost(str):
def lower(self):
return self
def __init__(self, pattern):
super().__init__()
self.regex = re.compile(pattern)
def __eq__(self, other):
# override the equality operation to use regex matching
# instead of str.__eq__(self, other)
return self.regex.match(other)
可以这样使用:
# this matches '172.17.*.*' and also many impossible IPs
host = RegexHost(r'172\.17\.[0-9]{1,3}\.[0-9]{1,3}')
# Un-comment the below assertions to prove to yourself that this host
# validation works. Do not leave these assertions active in
# production code for startup performance considerations.
# assert all(host == f'172.17.{i}.{j}' for i in range(256) for j in range(256))
# assert not any(host == f'172.18.{i}.{j}' for i in range(256) for j in range(256))
ALLOWED_HOSTS = [host]