Python Twisted:通过 IP 地址限制访问 [英] Python Twisted: restricting access by IP address

问题描述

通过 IP 地址限制对我的 XMLRPC 服务器的访问的最佳方法是什么?我看到 web/twcgi.py 中的 CGIScript 类有一个正在访问请求的渲染方法......但我不确定如何在我的服务器中访问这个请求.我看到一个例子，有人修补 twcgi.py 以设置环境变量，然后在服务器中访问环境变量......但我认为必须有更好的解决方案.

What would be the best method to restrict access to my XMLRPC server by IP address? I see the class CGIScript in web/twcgi.py has a render method that is accessing the request... but I am not sure how to gain access to this request in my server. I saw an example where someone patched twcgi.py to set environment variables and then in the server access the environment variables... but I figure there has to be a better solution.

谢谢.

推荐答案

建立连接后，会调用工厂的 buildProtocol 以创建新的协议实例来处理该连接.buildProtocol 会传递建立连接的对等方的地址，buildProtocol 可能会返回 None 以立即关闭连接.

When a connection is established, a factory's buildProtocol is called to create a new protocol instance to handle that connection. buildProtocol is passed the address of the peer which established the connection and buildProtocol may return None to have the connection closed immediately.

因此，例如，您可以这样编写工厂:

So, for example, you can write a factory like this:

from twisted.internet.protocol import ServerFactory

class LocalOnlyFactory(ServerFactory):
    def buildProtocol(self, addr):
        if addr.host == "127.0.0.1":
            return ServerFactory.buildProtocol(self, addr)
        return None

并且只会处理本地连接(但最初仍会接受所有连接，因为您必须接受它们才能了解对等地址是什么).

And only local connections will be handled (but all connections will still be accepted initially since you must accept them to learn what the peer address is).

您可以将此应用到您用来提供 XML-RPC 资源的工厂.只需对该工厂进行子类化并添加这样的逻辑(或者您可以使用包装器而不是子类).

You can apply this to the factory you're using to serve XML-RPC resources. Just subclass that factory and add logic like this (or you can do a wrapper instead of a subclass).

iptables 或其他一些平台防火墙在某些情况下也是一个好主意，不过.使用这种方法，您的进程甚至不必看到连接尝试.

iptables or some other platform firewall is also a good idea for some cases, though. With that approach, your process never even has to see the connection attempt.

这篇关于Python Twisted:通过 IP 地址限制访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！