summaryrefslogtreecommitdiff
path: root/docs/ref/middleware.txt
diff options
context:
space:
mode:
authorMarc Garcia <garcia.marc@gmail.com>2009-08-04 14:56:04 +0000
committerMarc Garcia <garcia.marc@gmail.com>2009-08-04 14:56:04 +0000
commit986bcffed2c2ab85a1cd3ebe520b7d725d921846 (patch)
treecc0e9029a066d8fde65d0626a7edf7be551ae40d /docs/ref/middleware.txt
parentd05ad1420afb5c284c1d1e1669d40af69eeb4538 (diff)
[soc2009/i18n] merged up to trunk r11385
git-svn-id: http://code.djangoproject.com/svn/django/branches/soc2009/i18n-improvements@11388 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs/ref/middleware.txt')
-rw-r--r--docs/ref/middleware.txt13
1 files changed, 3 insertions, 10 deletions
diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt
index 5125f6e064..ff51df9e8f 100644
--- a/docs/ref/middleware.txt
+++ b/docs/ref/middleware.txt
@@ -122,17 +122,10 @@ Reverse proxy middleware
.. class:: django.middleware.http.SetRemoteAddrFromForwardedFor
-Sets ``request.META['REMOTE_ADDR']`` based on
-``request.META['HTTP_X_FORWARDED_FOR']``, if the latter is set. This is useful
-if you're sitting behind a reverse proxy that causes each request's
-``REMOTE_ADDR`` to be set to ``127.0.0.1``.
+.. versionchanged: 1.1
-**Important note:** This does NOT validate ``HTTP_X_FORWARDED_FOR``. If you're
-not behind a reverse proxy that sets ``HTTP_X_FORWARDED_FOR`` automatically, do
-not use this middleware. Anybody can spoof the value of
-``HTTP_X_FORWARDED_FOR``, and because this sets ``REMOTE_ADDR`` based on
-``HTTP_X_FORWARDED_FOR``, that means anybody can "fake" their IP address. Only
-use this when you can absolutely trust the value of ``HTTP_X_FORWARDED_FOR``.
+This middleware was removed in Django 1.1. See :ref:`the release notes
+<removed-setremoteaddrfromforwardedfor-middleware>` for details.
Locale middleware
-----------------
generated by cgit v1.3 (git 2.53.0) at 2026-05-01 23:44:47 +0000