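• How to block external IP access in Django on SAE


    Web projects built with Django on SAE sometimes need to reject requests from certain IP addresses.

    For example, an internal project that serves other projects hosted on SAE can be configured to accept requests only from SAE-internal IP addresses, which improves its security.

    To change the access rules of an SAE Django project, modify its WSGI configuration file.

    By adding middleware to the WSGI configuration file, requests can be filtered by attributes of the client request such as IP address, User-Agent and Referer.

    The routing configuration in index.wsgi, located under 1/ in the root of the SAE Django project, is as follows: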

    #Router
    import sae
    from mysite import wsgi
    
    application = sae.create_wsgi_app(wsgi.application)
    

    The source of 1/mysite/wsgi.py is as follows:

    #encoding=utf8
    """
    WSGI config for mysite project.
    
    This module contains the WSGI application used by Django's development server
    and any production WSGI deployments. It should expose a module-level variable
    named ``application``. Django's ``runserver`` and ``runfcgi`` commands discover
    this application via the ``WSGI_APPLICATION`` setting.
    
    Usually you will have the standard Django WSGI application here, but it also
    might make sense to replace the whole Django WSGI application with a custom one
    that later delegates to the Django one. For example, you could introduce WSGI
    middleware here, or combine a Django application with an application of another
    framework.
    
    """
    import os
    
    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "mysite.settings")
    
    # This application object is used by any WSGI server configured to use this
    # file. This includes Django's development server, if the WSGI_APPLICATION
    # setting points here.
    from django.core.wsgi import get_wsgi_application
    application = get_wsgi_application()
    
    # Apply WSGI middleware here.
    # from helloworld.wsgi import HelloWorldApplication
    # application = HelloWorldApplication(application)
    
    import django.core.handlers.wsgi
    _application = django.core.handlers.wsgi.WSGIHandler()
    
    def application(environ, start_response):
      # Error page returned to rejected clients (one string literal on a single line).
      content = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>您访问的网站不存在 - Sina App Engine</title><style type="text/css">body{background-color:#fff}.kc{font-size:16px;text-decoration:none;font-family:"新宋体";color:#333}.ed{800px;margin:100px auto}.ec{800px;height:207px;margin:10px 0;background-color:#69bee6;-moz-border-radius:10px;-webkit-border-radius:10px;border-radius:10px;color:#fff}.et{margin-left:200px;font-size:30px;font-weight:bolder;font-family:"黑体";padding-top:65px}.ex{margin-left:200px;font-size:12px;padding-top:10px}.ex a{color:#fff}.fr{float:right}.fl{float:left}.bt{font-family:Arial;font-size:12px;color:#666}.bt a{color:#666;text-decoration:none}.bt a:hover{color:#69bee6;text-decoration:underline}.ei{margin-left:10px;margin-top:50px}</style></head><body><div class="ed"><div class="ec"><img src="http://lib.sinaapp.com/error_img.gif" class="fl ei"/><div class="et">您访问的网站不存在<br /></div><div class="ex">请检查您所输入的网址是否有误</div></div><div class="fl bt">页面将在 <span id="showtext"></span>秒 内跳转至 <a href="http://yunshangdian.com/?c=wiki&page=intro"> 新浪云商店 </a></div><div class="fr bt"><a href="http://www.sinaapp.com">Powered By SinaAppEngine</a></div></div><script type="text/javascript">/*<![CDATA[*/(function(){var h=10,g=document.getElementById("showtext");this.a=setInterval(function(){this.d()},1000);g.innerHTML=h;this.d=function(){0<h?g.innerHTML=h--:(clearInterval(this.a),window.location.href="http://yunshangdian.com/?c=wiki&page=intro")};this.b=setInterval(function(){this.c()},10);this.c=function(){var d=document.getElementsByTagName("a"),c;for(c in d){d[c].href&&/jiankongbao/i.test(d[c].href)&&(d[c].style.display="none",clearInterval(this.b))}};var b=document.createElement("script");b.type="text/javascript";b.async=!0;b.src="http://exp.jiankongbao.com/loadtrace.php?host_id=10667&style=5&type=1";var f=document.getElementsByTagName("script")[0];f.parentNode.insertBefore(b,f)})();/*]]>*/</script></body></html>'
      # REMOTE_ADDR is the client address as seen by the WSGI server.
      remote_addr = environ.get('REMOTE_ADDR')
      # Requests whose address does not start with 10.67 (outside SAE) get the error page.
      if remote_addr and not remote_addr.startswith('10.67'):
        start_response('600 domain_not_exists', [('Content-Type', 'text/html; charset=utf-8'),])
        return [content]
      # Everything else is passed on to the Django WSGI handler.
      return _application(environ, start_response)

    The code above filters HTTP requests that come from outside SAE (IP addresses that do not start with 10.67) and responds with 600 domain_not_exists.
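
    The same filter written as a reusable WSGI middleware class, as an added example that is not part of the original post. It is written for Python 3, and it assumes 10.67.0.0/16 as the CIDR form of the 10.67 prefix; `InternalOnlyMiddleware`, `inner_app` and `call` are hypothetical names. Unlike the code above, it answers with a plain 403 and also rejects requests whose REMOTE_ADDR is missing or malformed.

```python
import ipaddress


class InternalOnlyMiddleware:
    """WSGI middleware: pass requests from allowed networks, reject the rest."""

    def __init__(self, app, allowed_networks=("10.67.0.0/16",)):
        # 10.67.0.0/16 is an assumption: the CIDR form of the page's "10.67" prefix.
        self.app = app
        self.networks = [ipaddress.ip_network(n) for n in allowed_networks]

    def is_allowed(self, remote_addr):
        try:
            addr = ipaddress.ip_address(remote_addr or "")
        except ValueError:
            return False  # missing or malformed address: fail closed
        return any(addr in net for net in self.networks)

    def __call__(self, environ, start_response):
        if self.is_allowed(environ.get("REMOTE_ADDR")):
            return self.app(environ, start_response)
        body = b"Forbidden"
        start_response("403 Forbidden", [
            ("Content-Type", "text/plain; charset=utf-8"),
            ("Content-Length", str(len(body))),
        ])
        return [body]


def inner_app(environ, start_response):
    """Stand-in for the Django WSGI application (constructed for this example)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"internal service"]


def call(app, remote_addr):
    """Invoke a WSGI app with a constructed environ; return (status, body)."""
    seen = {}
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    if remote_addr is not None:
        environ["REMOTE_ADDR"] = remote_addr
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body


if __name__ == "__main__":
    guarded = InternalOnlyMiddleware(inner_app)
    for ip in ("10.67.15.3", "203.0.113.7", "10.6.7.1", None):  # constructed inputs
        print(ip, call(guarded, ip))
```

    In wsgi.py this would wrap the Django application at the "Apply WSGI middleware here" comment, for example `application = InternalOnlyMiddleware(application)`.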

  • Original article: https://www.cnblogs.com/bokejiayuan/p/4222325.html