Merge branch '2.4.0' of github.com:tomchristie/django-rest-framework into #1559

Conflicts: docs/topics/release-notes.md
author: Carlton Gibson 2014-06-24 10:30:08 +0200
committer: Carlton Gibson 2014-06-24 10:30:08 +0200
commit: d98245ac2234c2377a6243f8314b31fd68c902af (patch)
tree: 5fa88ae09d97a25e20d0dbf254ad028ef4351bca /rest_framework/throttling.py
parent: 3f727ce738776838d8420450ce28485954fbb097 (diff)
parent: 2489e38a06f575aa144644eee683bd87f20186ef (diff)
download: django-rest-framework-d98245ac2234c2377a6243f8314b31fd68c902af.tar.bz2
1 files changed, 22 insertions, 3 deletions
diff --git a/rest_framework/throttling.py b/rest_framework/throttling.py
index 91be9cfd..7e9f9d71 100644
--- a/rest_framework/throttling.py
+++ b/rest_framework/throttling.py
@@ -18,6 +18,25 @@ class BaseThrottle(object):
         """
         raise NotImplementedError('.allow_request() must be overridden')
 
+    def get_ident(self, request):
+        """
+        Identify the machine making the request by parsing HTTP_X_FORWARDED_FOR
+        if present and number of proxies is > 0. If not use all of
+        HTTP_X_FORWARDED_FOR if it is available, if not use REMOTE_ADDR.
+        """
+        xff = request.META.get('HTTP_X_FORWARDED_FOR')
+        remote_addr = request.META.get('REMOTE_ADDR')
+        num_proxies = api_settings.NUM_PROXIES
+
+        if num_proxies is not None:
+            if num_proxies == 0 or xff is None:
+                return remote_addr
+            addrs = xff.split(',')
+            client_addr = addrs[-min(num_proxies, len(xff))]
+            return client_addr.strip()
+
+        return xff if xff else remote_addr
+
     def wait(self):
         """
         Optionally, return a recommended number of seconds to wait before
@@ -162,7 +181,7 @@ class AnonRateThrottle(SimpleRateThrottle):
 
         return self.cache_format % {
             'scope': self.scope,
-            'ident': ident
+            'ident': self.get_ident(request)
         }
 
 
@@ -180,7 +199,7 @@ class UserRateThrottle(SimpleRateThrottle):
         if request.user.is_authenticated():
             ident = request.user.id
         else:
-            ident = request.META.get('REMOTE_ADDR', None)
+            ident = self.get_ident(request)
 
         return self.cache_format % {
             'scope': self.scope,
@@ -228,7 +247,7 @@ class ScopedRateThrottle(SimpleRateThrottle):
         if request.user.is_authenticated():
             ident = request.user.id
         else:
-            ident = request.META.get('REMOTE_ADDR', None)
+            ident = self.get_ident(request)
 
         return self.cache_format % {
             'scope': self.scope,
author	Carlton Gibson	2014-06-24 10:30:08 +0200
committer	Carlton Gibson	2014-06-24 10:30:08 +0200
commit	d98245ac2234c2377a6243f8314b31fd68c902af (patch)
tree	5fa88ae09d97a25e20d0dbf254ad028ef4351bca /rest_framework/throttling.py
parent	3f727ce738776838d8420450ce28485954fbb097 (diff)
parent	2489e38a06f575aa144644eee683bd87f20186ef (diff)
download	django-rest-framework-d98245ac2234c2377a6243f8314b31fd68c902af.tar.bz2