Add support for --forwarded-allow-ips

tests/middleware/test_proxy_headers.py

@@ -11,7 +11,7 @@ async def app(scope, receive, send):
     await response(scope, receive, send)
 
 
-app = ProxyHeadersMiddleware(app)
+app = ProxyHeadersMiddleware(app, trusted_hosts="*")
 
 
 def test_proxy_headers():

tests/test_config.py

@@ -5,6 +5,7 @@
 from uvicorn import protocols
 from uvicorn.config import Config
 from uvicorn.middleware.debug import DebugMiddleware
+from uvicorn.middleware.proxy_headers import ProxyHeadersMiddleware
 from uvicorn.middleware.wsgi import WSGIMiddleware
 
 
@@ -17,26 +18,27 @@ def wsgi_app():
 
 
 def test_debug_app():
-    config = Config(app=asgi_app, debug=True)
+    config = Config(app=asgi_app, debug=True, proxy_headers=False)
     config.load()
 
     assert config.debug is True
     assert isinstance(config.loaded_app, DebugMiddleware)
 
 
 def test_wsgi_app():
-    config = Config(app=wsgi_app, interface="wsgi")
+    config = Config(app=wsgi_app, interface="wsgi", proxy_headers=False)
     config.load()
 
     assert isinstance(config.loaded_app, WSGIMiddleware)
     assert config.interface == "wsgi"
 
 
 def test_proxy_headers():
-    config = Config(app=asgi_app, proxy_headers=True)
+    config = Config(app=asgi_app)
     config.load()
 
     assert config.proxy_headers is True
+    assert isinstance(config.loaded_app, ProxyHeadersMiddleware)
 
 
 def test_app_unimportable():

uvicorn/config.py

@@ -55,6 +55,9 @@
 except ValueError:
     DEFAULT_WORKERS = 1
 
+DEFAULT_FORWARDED_IPS = os.environ.get("FORWARDED_ALLOW_IPS", "127.0.0.1")
+
+
 # Fallback to 'ssl.PROTOCOL_SSLv23' in order to support Python < 3.5.3.
 SSL_PROTOCOL_VERSION = getattr(ssl, "PROTOCOL_TLS", ssl.PROTOCOL_SSLv23)
 
@@ -124,7 +127,8 @@ def __init__(
         reload=False,
         reload_dirs=None,
         workers=DEFAULT_WORKERS,
-        proxy_headers=False,
+        proxy_headers=True,
+        forwarded_allow_ips=DEFAULT_FORWARDED_IPS,
         root_path="",
         limit_concurrency=None,
         limit_max_requests=None,
@@ -156,6 +160,7 @@ def __init__(
         self.reload = reload
         self.workers = workers
         self.proxy_headers = proxy_headers
+        self.forwarded_allow_ips = forwarded_allow_ips
         self.root_path = root_path
         self.limit_concurrency = limit_concurrency
         self.limit_max_requests = limit_max_requests
@@ -279,7 +284,9 @@ def load(self):
         if logger.level <= logging.DEBUG:
             self.loaded_app = MessageLoggerMiddleware(self.loaded_app)
         if self.proxy_headers:
-            self.loaded_app = ProxyHeadersMiddleware(self.loaded_app)
+            self.loaded_app = ProxyHeadersMiddleware(
+                self.loaded_app, trusted_hosts=self.forwarded_allow_ips
+            )
 
         self.loaded = True
 

uvicorn/main.py

@@ -13,6 +13,7 @@
 import click
 
 from uvicorn.config import (
+    DEFAULT_FORWARDED_IPS,
     DEFAULT_WORKERS,
     HTTP_PROTOCOLS,
     INTERFACES,
@@ -127,13 +128,22 @@
     show_default=True,
 )
 @click.option(
-    "--no-access-log", is_flag=True, default=False, help="Disable access log."
+    "--access-log/--no-access-log",
+    is_flag=True,
+    default=True,
+    help="Enable/Disable access log.",
 )
 @click.option(
-    "--proxy-headers",
+    "--proxy-headers/--no-proxy-headers",
     is_flag=True,
-    default=False,
-    help="Use X-Forwarded-Proto, X-Forwarded-For, X-Forwarded-Port to populate remote address info.",
+    default=None,
+    help="Enable/Disable X-Forwarded-Proto, X-Forwarded-For, X-Forwarded-Port to populate remote address info.",
+)
+@click.option(
+    "--forwarded-allow-ips",
+    type=str,
+    default=DEFAULT_FORWARDED_IPS,
+    help="Comma seperated list of IPs to trust with proxy headers. Defaults to the $FORWARDED_ALLOW_IPS environment variable if available, or '127.0.0.1'.",
 )
 @click.option(
     "--root-path",
@@ -221,8 +231,9 @@ def main(
     workers: int,
     log_config: str,
     log_level: str,
-    no_access_log: bool,
+    access_log: bool,
     proxy_headers: bool,
+    forwarded_allow_ips: str,
     root_path: str,
     limit_concurrency: int,
     limit_max_requests: int,
@@ -249,13 +260,14 @@ def main(
         "lifespan": lifespan,
         "log_config": LOGGING_CONFIG if log_config is None else log_config,
         "log_level": log_level,
-        "access_log": not no_access_log,
+        "access_log": access_log,
         "interface": interface,
         "debug": debug,
         "reload": reload,
         "reload_dirs": reload_dirs if reload_dirs else None,
         "workers": workers,
         "proxy_headers": proxy_headers,
+        "forwarded_allow_ips": forwarded_allow_ips,
         "root_path": root_path,
         "limit_concurrency": limit_concurrency,
         "limit_max_requests": limit_max_requests,

uvicorn/middleware/proxy_headers.py

@@ -11,27 +11,35 @@
 
 
 class ProxyHeadersMiddleware:
-    def __init__(self, app, num_proxies=1):
+    def __init__(self, app, trusted_hosts="127.0.0.1"):
         self.app = app
-        self.num_proxies = num_proxies
+        if isinstance(trusted_hosts, str):
+            self.trusted_hosts = [item.strip() for item in trusted_hosts.split(",")]
+        else:
+            self.trusted_hosts = trusted_hosts
+        self.always_trust = "*" in self.trusted_hosts
 
     async def __call__(self, scope, receive, send):
         if scope["type"] in ("http", "websocket"):
-            headers = dict(scope["headers"])
-
-            if b"x-forwarded-proto" in headers:
-                # Determine if the incoming request was http or https based on
-                # the X-Forwarded-Proto header.
-                x_forwarded_proto = headers[b"x-forwarded-proto"].decode("ascii")
-                scope["scheme"] = x_forwarded_proto.strip()
-
-            if b"x-forwarded-for" in headers:
-                # Determine the client address from the last trusted IP in the
-                # X-Forwarded-For header. We've lost the connecting client's port
-                # information by now, so only include the host.
-                x_forwarded_for = headers[b"x-forwarded-for"].decode("ascii")
-                host = x_forwarded_for.split(",")[-self.num_proxies].strip()
-                port = 0
-                scope["client"] = (host, port)
-
-        await self.app(scope, receive, send)
+            client_addr = scope.get("client")
+            client_host = client_addr[0] if client_addr else None
+
+            if self.always_trust or client_host in self.trusted_hosts:
+                headers = dict(scope["headers"])
+
+                if b"x-forwarded-proto" in headers:
+                    # Determine if the incoming request was http or https based on
+                    # the X-Forwarded-Proto header.
+                    x_forwarded_proto = headers[b"x-forwarded-proto"].decode("ascii")
+                    scope["scheme"] = x_forwarded_proto.strip()
+
+                if b"x-forwarded-for" in headers:
+                    # Determine the client address from the last trusted IP in the
+                    # X-Forwarded-For header. We've lost the connecting client's port
+                    # information by now, so only include the host.
+                    x_forwarded_for = headers[b"x-forwarded-for"].decode("ascii")
+                    host = x_forwarded_for.split(",")[-1].strip()
+                    port = 0
+                    scope["client"] = (host, port)
+
+        return await self.app(scope, receive, send)