Python Twisted: Restricting Access By IP Address

What would be the best method to restrict access to my XMLRPC server by IP address? I see the class CGIScript in web/twcgi.py has a render method that is accessing the request...

Solution 1:

When a connection is established, a factory's buildProtocol is called to create a new protocol instance to handle that connection. buildProtocol is passed the address of the peer which established the connection and buildProtocol may return None to have the connection closed immediately.

So, for example, you can write a factory like this:

from twisted.internet.protocol import ServerFactory

class LocalOnlyFactory(ServerFactory):
    def buildProtocol(self, addr):
        if addr.host == "127.0.0.1":
            return ServerFactory.buildProtocol(self, addr)
        return None

And only local connections will be handled (but all connections will still be accepted initially since you must accept them to learn what the peer address is).

You can apply this to the factory you're using to serve XML-RPC resources. Just subclass that factory and add logic like this (or you can do a wrapper instead of a subclass).

iptables or some other platform firewall is also a good idea for some cases, though. With that approach, your process never even has to see the connection attempt.

Solution 2:

Okay, another answer is to get the ip address from the transport, inside any protocol:

d = self.transport.getHost () ; print d.type, d.host, d.port

Then use the value to filter it in any way you want.

Solution 3:

I'd use a firewall on windows, or iptables on linux.