Python Twisted: Restricting Access By IP Address
Solution 1:
When a connection is established, a factory's buildProtocol is called to create a new protocol instance to handle that connection. buildProtocol is passed the address of the peer which established the connection and buildProtocol may return None to have the connection closed immediately.
So, for example, you can write a factory like this:
from twisted.internet.protocol import ServerFactory
class LocalOnlyFactory(ServerFactory):
def buildProtocol(self, addr):
if addr.host == "127.0.0.1":
return ServerFactory.buildProtocol(self, addr)
return None
And only local connections will be handled (but all connections will still be accepted initially since you must accept them to learn what the peer address is).
You can apply this to the factory you're using to serve XML-RPC resources. Just subclass that factory and add logic like this (or you can do a wrapper instead of a subclass).
iptables or some other platform firewall is also a good idea for some cases, though. With that approach, your process never even has to see the connection attempt.
Solution 2:
Okay, another answer is to get the ip address from the transport, inside any protocol:
d =
self.transport.getHost
() ; print d.type, d.host, d.port
Then use the value to filter it in any way you want.
Solution 3:
I'd use a firewall on windows, or iptables
on linux.
Post a Comment for "Python Twisted: Restricting Access By IP Address"