From e0af58324ac7b1609df8bfa49d541a86a93b478c Mon Sep 17 00:00:00 2001
From: Laura Beaufort <31420082+lbeaufort@users.noreply.github.com>
Date: Wed, 13 Mar 2019 12:35:08 -0400
Subject: [PATCH] Add application-level IP blocking
---
 webservices/rest.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/webservices/rest.py b/webservices/rest.py
index 9206f5384..3a442dbcd 100644
--- a/webservices/rest.py
+++ b/webservices/rest.py
@@ -133,10 +133,10 @@ def handle_error(error):
 # api.data.gov
-trusted_proxies = ('54.208.160.112', '54.208.160.151')
+TRUSTED_PROXIES = ('54.208.160.112', '54.208.160.151')
+BLOCKED_IPS = ('')
 FEC_API_WHITELIST_IPS = env.get_credential('FEC_API_WHITELIST_IPS', False)
-
 @app.before_request
 def limit_remote_addr():
 """If `FEC_API_WHITELIST_IPS` is set, reject all requests that are not
@@ -145,11 +145,13 @@ def limit_remote_addr():
 falses = (False, 'False', 'false', 'f')
 if FEC_API_WHITELIST_IPS not in falses:
 try:
- *_, api_data_route, cf_route = request.access_route
+ *_, source_ip, api_data_route, cf_route = request.access_route
 except ValueError: # Not enough routes
 abort(403)
 else:
- if api_data_route not in trusted_proxies:
+ if api_data_route not in TRUSTED_PROXIES:
+ abort(403)
+ if source_ip in BLOCKED_IPS:
 abort(403)
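Review bot: `BLOCKED_IPS = ('')` in the first hunk is an empty string, not a tuple, because parentheses without a trailing comma do not build a tuple. The `source_ip in BLOCKED_IPS` test added in the second hunk is therefore a substring test. It blocks nothing today, and if an address is later filled in using the same form, e.g. `('203.0.113.10')` (constructed example), a different source such as `203.0.113.1` would also match and be rejected. Declare it as a real collection, `BLOCKED_IPS = ()` or `BLOCKED_IPS = frozenset()`, and add a comment such as `# exact-match client addresses; keep the trailing comma for a single entry`.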
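Review bot: The unpacking `*_, source_ip, api_data_route, cf_route = request.access_route` in the second hunk now needs three entries where the old line needed two, so a request arriving with only the two proxy hops falls into `except ValueError` and gets a 403 where it was accepted before. Confirm no legitimate path produces a two-entry route, or handle that case explicitly. As far as the visible lines show (indentation is lost on this page, and `limit_remote_addr` starts above the hunk), the `BLOCKED_IPS` check sits inside the `FEC_API_WHITELIST_IPS not in falses` branch, so the block list appears to be inactive whenever that setting is off. The docstring still describes only the api.data.gov check and should mention the block list and that dependency. `source_ip` comes from the forwarded-address chain and is only meaningful once `api_data_route` has passed the `TRUSTED_PROXIES` check; a comment like `# source_ip is trusted only because the next hop is a known api.data.gov proxy` would record why the order of the two checks matters.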