2015年(62)
分类: LINUX
2015-01-13 19:37:17
在SAE上基于Django搭建的Web工程有时需要禁止来自某些特定IP地址的访问请求。
例如一个为搭建在SAE的其他项目提供服务的内部工程,可以设置为只允许SAE内部的IP地址访问,从而提高项目的安全性。
要修改SAE Django工程的访问规则,需要变更工程的WSGI配置文件。
通过向WSGI配置文件添加中间件,可以根据客户端请求信息的IP地址、User-Agent,Referer等属性对访问请求进行过滤。
SAE Django工程根目录1/下的index.wsgi的路由配置源码如下:
#Router import sae from mysite import wsgi application = sae.create_wsgi_app(wsgi.application)
1/mysite/wsgi.py源码如下:
#encoding=utf8
"""
WSGI config for mysite project.
This module contains the WSGI application used by Django's development server
and any production WSGI deployments. It should expose a module-level variable
named ``application``. Django's ``runserver`` and ``runfcgi`` commands discover
this application via the ``WSGI_APPLICATION`` setting.
Usually you will have the standard Django WSGI application here, but it also
might make sense to replace the whole Django WSGI application with a custom one
that later delegates to the Django one. For example, you could introduce WSGI
middleware here, or combine a Django application with an application of another
framework.
"""
import os
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "mysite.settings")
# This application object is used by any WSGI server configured to use this
# file. This includes Django's development server, if the WSGI_APPLICATION
# setting points here.
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()
# Apply WSGI middleware here.
# from helloworld.wsgi import HelloWorldApplication
# application = HelloWorldApplication(application)
import django.core.handlers.wsgi
_application = django.core.handlers.wsgi.WSGIHandler()
def application(environ, start_response):
content = '您访问的网站不存在 - Sina App Engine
'
remote_addr = environ.get('REMOTE_ADDR')
if remote_addr and not remote_addr.startswith('10.67'):
start_response('600 domain_not_exists', [('Content-Type', 'text/html; charset=utf-8'),])
return [content]
return _appliion(environ, st_response)
上述源码对来自SAE外部的(IP地址不以10.67开始)HTTP请求进行过滤,返回信息为600 domain_not_exists。