Add XForwardedFor middleware

cms/envs/common.py

@@ -212,6 +212,9 @@ MIDDLEWARE_CLASSES = (
     'django.contrib.sessions.middleware.SessionMiddleware',
     'method_override.middleware.MethodOverrideMiddleware',
 
+    # Reverse proxy
+    'x_forwarded_for.middleware.XForwardedForMiddleware',
+
     # Instead of AuthenticationMiddleware, we use a cache-backed version
     'cache_toolbox.middleware.CacheBackedAuthenticationMiddleware',
     'student.middleware.UserStandingMiddleware',
@@ -571,6 +574,9 @@ INSTALLED_APPS = (
 
     # Additional problem types
     'edx_jsme',    # Molecular Structure
+
+    # Reverse proxy
+    'x_forwarded_for',
 )
 
 

common/djangoapps/x_forwarded_for/middleware.py

+class XForwardedForMiddleware(object):
+    """
+    Middleware for rewriting REMOTE_ADDR when behind a proxy
+    """
+
+    def process_request(self, request):
+        """
+        Rewrite the REMOTE_ADDR header using HTTP_X_FORWARDED_FOR
+        """
+        if 'HTTP_X_FORWARDED_FOR' in request.META:
+            request.META['REMOTE_ADDR'] = request.META['HTTP_X_FORWARDED_FOR']
+        return None

lms/envs/common.py

@@ -904,6 +904,9 @@ MIDDLEWARE_CLASSES = (
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
 
+    # Reverse proxy
+    'x_forwarded_for.middleware.XForwardedForMiddleware',
+
     # Instead of AuthenticationMiddleware, we use a cached backed version
     #'django.contrib.auth.middleware.AuthenticationMiddleware',
     'cache_toolbox.middleware.CacheBackedAuthenticationMiddleware',
@@ -1426,6 +1429,9 @@ INSTALLED_APPS = (
 
     # edX Mobile API
     'mobile_api',
+
+    # Reverse proxy
+    'x_forwarded_for',
 )
 
 ######################### MARKETING SITE ###############################