Commit c4216019 authored by Aatish Neupane's avatar Aatish Neupane

ensure ipv4/ipv6 test is included

parent 241ad0de
DEBUG=True
DISABLE_IPV4_BLOCK=False
ALLOWED_HOSTS=.localhost, .ipv6.work
AUTH_LDAP_SERVER_URI=ldap://<ldap_host>
AUTH_LDAP_BIND_DN=cn=admin,dc=example,dc=com
......
import re
import socket
from django.conf import settings
from django.http import HttpResponse
def is_valid_ipv6(ip_address):
try:
socket.inet_pton(socket.AF_INET6, ip_address)
return True
except socket.error:
return False
def is_ipv6_exempt(path):
return any(re.match(m, path) for m in settings.IPV6_EXEMPT_URLS)
def block_ipv4(get_response):
''' block IPv4 requests except if the url is in IPV6_EXEMPT_URLS'''
def middleware(request):
if getattr(settings, 'DISABLE_IPV4_BLOCK', False):
return get_response(request)
path = request.path_info.lstrip('/')
x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
if x_forwarded_for:
client_ip = x_forwarded_for
else:
client_ip = request.META.get('REMOTE_ADDR')
print(is_ipv6_exempt(path), is_valid_ipv6(client_ip))
if is_valid_ipv6(client_ip) or is_ipv6_exempt(path):
return get_response(request)
else:
return HttpResponse('Sorry, only reachable by IPv6')
return middleware
......@@ -67,8 +67,13 @@ MIDDLEWARE = [
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'ipv6work.ipv6middleware.block_ipv4'
]
IPV6_EXEMPT_URLS = [r'^$']
DISABLE_IPV4_BLOCK = config('DISABLE_IPV4_BLOCK', cast=bool, default=False)
ROOT_URLCONF = 'ipv6work.urls'
TEMPLATES = [
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment