diff options
| author | Tom Christie | 2013-08-28 15:32:41 +0100 |
|---|---|---|
| committer | Tom Christie | 2013-08-28 15:32:41 +0100 |
| commit | 2d5e14a8d39a53c8a2e6d28fb8ae7debb5fbd388 (patch) | |
| tree | 046fb7dd1a4d42c2ff9bea5e7d3964bec4addced /rest_framework | |
| parent | 711fb9761c9722a83c083257d15c0ec8f755ca7a (diff) | |
| download | django-rest-framework-2d5e14a8d39a53c8a2e6d28fb8ae7debb5fbd388.tar.bz2 | |
Throttles now use HTTP_X_FORWARDED_FOR, falling back to REMOTE_ADDR to identify anonymous requests
Diffstat (limited to 'rest_framework')
| -rw-r--r-- | rest_framework/throttling.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/rest_framework/throttling.py b/rest_framework/throttling.py index 8943f22c..a946d837 100644 --- a/rest_framework/throttling.py +++ b/rest_framework/throttling.py @@ -152,7 +152,9 @@ class AnonRateThrottle(SimpleRateThrottle): if request.user.is_authenticated(): return None # Only throttle unauthenticated requests. - ident = request.META.get('REMOTE_ADDR', None) + ident = request.META.get('HTTP_X_FORWARDED_FOR') + if ident is None: + ident = request.META.get('REMOTE_ADDR') return self.cache_format % { 'scope': self.scope, |