Add XForwardedFor middleware

cms/envs/common.py

@@ -212,6 +212,9 @@ MIDDLEWARE_CLASSES = (
     'django.contrib.sessions.middleware.SessionMiddleware',
     'method_override.middleware.MethodOverrideMiddleware',
 
+    # Reverse proxy
+    'x_forwarded_for.middleware.XForwardedForMiddleware',
+
     # Instead of AuthenticationMiddleware, we use a cache-backed version
     'cache_toolbox.middleware.CacheBackedAuthenticationMiddleware',
     'student.middleware.UserStandingMiddleware',
@@ -620,6 +623,9 @@ INSTALLED_APPS = (
 
     # Additional problem types
     'edx_jsme',    # Molecular Structure
+
+    # Reverse proxy
+    'x_forwarded_for',
 )
 
 

common/djangoapps/x_forwarded_for/middleware.py

+class XForwardedForMiddleware(object):
+    """
+    Middleware for rewriting REMOTE_ADDR when behind a proxy
+    """
+
+    def process_request(self, request):
+        """
+        Rewrite the REMOTE_ADDR header using HTTP_X_FORWARDED_FOR
+        """
+        if 'HTTP_X_FORWARDED_FOR' in request.META:
+            request.META['REMOTE_ADDR'] = request.META['HTTP_X_FORWARDED_FOR']
+        return None

lms/envs/common.py

@@ -915,6 +915,9 @@ MIDDLEWARE_CLASSES = (
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
 
+    # Reverse proxy
+    'x_forwarded_for.middleware.XForwardedForMiddleware',
+
     # Instead of AuthenticationMiddleware, we use a cached backed version
     #'django.contrib.auth.middleware.AuthenticationMiddleware',
     'cache_toolbox.middleware.CacheBackedAuthenticationMiddleware',
@@ -1514,6 +1517,9 @@ INSTALLED_APPS = (
 
     # Surveys
     'survey',
+
+    # Reverse proxy
+    'x_forwarded_for',
 )
 
 ######################### MARKETING SITE ###############################