djb.headerproxy

.. contents::

Introduction

Simple package that extends the proxy object within Paste to allow the WSGI proxy to read its connection location from arbitrary headers. It will keep all other headers (including Host: intact during transit); you may or may not need to adjust what you're doing upstream accordingly.

Configuration

By default, the proxy will read the host to connect to from the X-Proxy-Force-Host header and read the connection scheme from X-Proxy-Force-Scheme.

You can override these using relevant configuration like follows. Keep in mind that at time of proxy, we're reading headers from the environ dictionary, so specify your headers in this manner. For instance, X-Proxy-Foobar will become visible in the environ dict as HTTP_PROXY_FOOBAR (noting dashes to underscores, and replacement of X with HTTP). You can make this mapping happen thusly::

[app:proxy]
use = egg:djb.headerproxy
force_host = HTTP_PROXY_FORCE_HOST
force_scheme = HTTP_PROXY_FORCE_SCHEME

The above example is overly verbose, however, as we already default to using these specific headers. This does demonstrate how you can customise this behaviour to suit you -- for instance, if your front-end automatically provides some headers, you can configure the mapping accordingly.

Warning

If unprotected, this WSGI middleware could be used as an open proxy since headers can easily be spoofed. You should take steps to either firewall off your application, drop headers at an upstream web server, run this as a local socket, or do something similar (or all of the above!).

You've been warned.

Source code

Available on GitHub at http://github.com/davidjb/djb.headerproxy/ - fork away!

Contributors

David Beitey, Author

Changelog

0.1.1 (2012-08-09)

• Add a main entry point as well - this is just an alias to the same proxy app. [davidjb]

0.1 (2012-08-03)

• Initial creation of proxy that uses header-based configuration. [davidjb]
• Package created using templer [davidjb]