
Verify hostname of the server who invoked the API

I have an AWS ELB connected with multiple EC2s that are running the AWS Flask server. I am not sure if AWS ELB passes the complete request to EC2 or not. I know we can do the restrictions at ELB level but I want to put restrictions on only one endpoint and verify the hostname of the server who invoked the endpoint in Flask. Is it possible?

Sanjay Sharma asked Aug 05 '20 11:08


2 Answers

You could try the following:

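import socket
from flask import Flask, request

app = Flask(__name__)


@app.route("/your_route", methods=["GET"])
def your_route():
    # Reverse DNS (PTR) lookup on the address of the connecting peer.
    # socket.gethostbyaddr() raises socket.herror if the address has no PTR record.
    hostname, aliaslist, ipaddrlist = socket.gethostbyaddr(request.remote_addr)
    return hostname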

Note that relying on remote_addr is unreliable; however, as this is unrelated to the topic, I will refer to this answer, which makes use of ProxyFix:

For more information on socket.gethostbyaddr() please check out: socket.gethostbyaddr()

alexisdevarennes answered Oct 06 '22 18:10


I suggest you use the decorator pattern for such cases, i.e. you add a new config option IP_LIST containing a set of addresses separated by commas.

IP_LIST = "127.0.0.1,127.0.0.2,..."

After that add a new decorator function, and decorate any endpoint with the decorator.

from functools import wraps

from flask import Flask, current_app, request

app = Flask(__name__)


def ip_verified(fn):
    """
    A custom decorator that checks if a client IP is in the list, otherwise block access.
    """

    @wraps(fn)
    def decorated_view(*args, **kwargs):
        ip_list_str = current_app.config['IP_LIST']
        ip_list = ip_list_str.split(",") if ip_list_str else []

        # X-Forwarded-For is a request header: its value is only meaningful
        # when it was set by a proxy you control.
        if request.headers.getlist("X-Forwarded-For"):
            remote_ip = request.headers.getlist("X-Forwarded-For")[0]
        else:
            remote_ip = request.remote_addr

        if remote_ip not in ip_list:
            return "Not sufficient privileges", 403

        return fn(*args, **kwargs)

    return decorated_view

@app.route("/your_route", methods=["GET"])
@ip_verified
def your_route():
    ...

j0shu4b0y answered Oct 06 '22 18:10
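
An added example, not part of either answer above: a stricter way to pick the address that the allowlist check compares, assuming the load balancer appends the address it saw to X-Forwarded-For. The function names, the 10.0.0.0/16 load balancer subnet and the allowlist entry are constructed for illustration; in Flask the inputs would be request.remote_addr and request.headers.getlist("X-Forwarded-For").

```python
import ipaddress

# Constructed sample values (assumptions, not from the page).
TRUSTED_PROXIES = ["10.0.0.0/16"]     # subnets the load balancer connects from
IP_ALLOWLIST = ["203.0.113.10/32"]    # callers permitted on the endpoint


def resolve_client_ip(remote_addr, xff_headers, trusted_proxies):
    """Return the nearest hop that is not a trusted proxy, or None if the
    header is malformed.

    remote_addr     -- TCP peer address of the connection
    xff_headers     -- list of raw X-Forwarded-For header values
    trusted_proxies -- CIDR strings for proxies allowed to set the header
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]
    peer = ipaddress.ip_address(remote_addr)
    # A peer that is not our load balancer gets no say over its own identity.
    if not any(peer in net for net in trusted):
        return peer
    # Flatten "a, b" values and repeated headers into one left-to-right list.
    hops = [h.strip() for v in xff_headers for h in v.split(",") if h.strip()]
    # Walk right to left: the rightmost entries were appended by trusted
    # proxies; anything left of the first untrusted hop is client-supplied.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed entry: fail closed
        if not any(addr in net for net in trusted):
            return addr
    return peer


def is_allowed(remote_addr, xff_headers, allowlist=IP_ALLOWLIST,
               trusted_proxies=TRUSTED_PROXIES):
    """True only if the resolved client address falls inside the allowlist."""
    client = resolve_client_ip(remote_addr, xff_headers, trusted_proxies)
    if client is None:
        return False
    return any(client in ipaddress.ip_network(n) for n in allowlist)
```

Inside the decorator, the two branches that choose remote_ip would be replaced by one call to is_allowed(), returning 403 when it is False.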