1 files changed, 25 insertions, 8 deletions

diff --git a/rest_framework/throttling.py b/rest_framework/throttling.py
index a946d837..0f10136d 100644
--- a/rest_framework/throttling.py
+++ b/rest_framework/throttling.py
@@ -18,6 +18,25 @@ class BaseThrottle(object):
         """
         raise NotImplementedError('.allow_request() must be overridden')
 
+    def get_ident(self, request):
+        """
+        Identify the machine making the request by parsing HTTP_X_FORWARDED_FOR
+        if present and number of proxies is > 0. If not use all of
+        HTTP_X_FORWARDED_FOR if it is available, if not use REMOTE_ADDR.
+        """
+        xff = request.META.get('HTTP_X_FORWARDED_FOR')
+        remote_addr = request.META.get('REMOTE_ADDR')
+        num_proxies = api_settings.NUM_PROXIES
+
+        if num_proxies is not None:
+            if num_proxies == 0 or xff is None:
+                return remote_addr
+            addrs = xff.split(',')
+            client_addr = addrs[-min(num_proxies, len(addrs))]
+            return client_addr.strip()
+
+        return ''.join(xff.split()) if xff else remote_addr
+
     def wait(self):
         """
         Optionally, return a recommended number of seconds to wait before
@@ -41,7 +60,7 @@ class SimpleRateThrottle(BaseThrottle):
 
     cache = default_cache
     timer = time.time
-    cache_format = 'throtte_%(scope)s_%(ident)s'
+    cache_format = 'throttle_%(scope)s_%(ident)s'
     scope = None
     THROTTLE_RATES = api_settings.DEFAULT_THROTTLE_RATES
 
@@ -136,6 +155,8 @@ class SimpleRateThrottle(BaseThrottle):
             remaining_duration = self.duration
 
         available_requests = self.num_requests - len(self.history) + 1
+        if available_requests <= 0:
+            return None
 
         return remaining_duration / float(available_requests)
 
@@ -152,13 +173,9 @@ class AnonRateThrottle(SimpleRateThrottle):
         if request.user.is_authenticated():
             return None  # Only throttle unauthenticated requests.
 
-        ident = request.META.get('HTTP_X_FORWARDED_FOR')
-        if ident is None:
-            ident = request.META.get('REMOTE_ADDR')
-
         return self.cache_format % {
             'scope': self.scope,
-            'ident': ident
+            'ident': self.get_ident(request)
         }
 
 
@@ -176,7 +193,7 @@ class UserRateThrottle(SimpleRateThrottle):
         if request.user.is_authenticated():
             ident = request.user.id
         else:
-            ident = request.META.get('REMOTE_ADDR', None)
+            ident = self.get_ident(request)
 
         return self.cache_format % {
             'scope': self.scope,
@@ -224,7 +241,7 @@ class ScopedRateThrottle(SimpleRateThrottle):
         if request.user.is_authenticated():
             ident = request.user.id
         else:
-            ident = request.META.get('REMOTE_ADDR', None)
+            ident = self.get_ident(request)
 
         return self.cache_format % {
             'scope': self.scope,