2015年(62)
分类: LINUX
2015-01-13 19:37:17
在SAE上基于Django搭建的Web工程有时需要禁止来自某些特定IP地址的访问请求。
例如一个为搭建在SAE的其他项目提供服务的内部工程,可以设置为只允许SAE内部的IP地址访问,从而提高项目的安全性。
要修改SAE Django工程的访问规则,需要变更工程的WSGI配置文件。
通过向WSGI配置文件添加中间件,可以根据客户端请求信息的IP地址、User-Agent,Referer等属性对访问请求进行过滤。
SAE Django工程根目录1/下的index.wsgi的路由配置源码如下:
#Router import sae from mysite import wsgi application = sae.create_wsgi_app(wsgi.application)
1/mysite/wsgi.py源码如下:
#encoding=utf8 """ WSGI config for mysite project. This module contains the WSGI application used by Django's development server and any production WSGI deployments. It should expose a module-level variable named ``application``. Django's ``runserver`` and ``runfcgi`` commands discover this application via the ``WSGI_APPLICATION`` setting. Usually you will have the standard Django WSGI application here, but it also might make sense to replace the whole Django WSGI application with a custom one that later delegates to the Django one. For example, you could introduce WSGI middleware here, or combine a Django application with an application of another framework. """ import os os.environ.setdefault("DJANGO_SETTINGS_MODULE", "mysite.settings") # This application object is used by any WSGI server configured to use this # file. This includes Django's development server, if the WSGI_APPLICATION # setting points here. from django.core.wsgi import get_wsgi_application application = get_wsgi_application() # Apply WSGI middleware here. # from helloworld.wsgi import HelloWorldApplication # application = HelloWorldApplication(application) import django.core.handlers.wsgi _application = django.core.handlers.wsgi.WSGIHandler() def application(environ, start_response): content = '您访问的网站不存在 - Sina App Engine ' remote_addr = environ.get('REMOTE_ADDR') if remote_addr and not remote_addr.startswith('10.67'): start_response('600 domain_not_exists', [('Content-Type', 'text/html; charset=utf-8'),]) return [content] return _appliion(environ, st_response)
上述源码对来自SAE外部的(IP地址不以10.67开始)HTTP请求进行过滤,返回信息为600 domain_not_exists。