David Y.
—How do I get the IP address of a visitor in Flask?
The IP address associated with the current request is stored in the Flask Request
object’s remote_addr
attribute. The following simple application will display the IP address of visitors to the /whatsmyip
route:
from flask import Flask, request app = Flask(__name__) @app.route("/whatsmyip", methods=["GET"]) def whats_my_ip(): return request.remote_addr app.run()
However, this will only work if users connect directly to your Flask web server. If it’s running behind a proxy such as NGINX, as is often the case in production environments, remote_addr
will always be the local loopback address, 127.0.0.1
. From Flask’s perspective, all requests are coming from the proxy.
Fortunately, we can fix this by including some additional code to tell Flask it is behind a proxy. This code will configure our application to assign request.remote_addr
from the request’s X-Forwarded-For
HTTP header.
from werkzeug.middleware.proxy_fix import ProxyFix app.wsgi_app = ProxyFix( app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1 )
ProxyFix
must be called with the exact number of proxies that are in front of the Flask server, or malicious users will be able to spoof their IP addresses by including their own X-Forwarded-For
header in their requests.
Tasty treats for web developers brought to you by Sentry. Get tips and tricks from Wes Bos and Scott Tolinski.
SEE EPISODESConsidered “not bad” by 4 million developers and more than 100,000 organizations worldwide, Sentry provides code-level observability to many of the world’s best-known companies like Disney, Peloton, Cloudflare, Eventbrite, Slack, Supercell, and Rockstar Games. Each month we process billions of exceptions from the most popular products on the internet.
Here’s a quick look at how Sentry handles your personal information (PII).
×We collect PII about people browsing our website, users of the Sentry service, prospective customers, and people who otherwise interact with us.
What if my PII is included in data sent to Sentry by a Sentry customer (e.g., someone using Sentry to monitor their app)? In this case you have to contact the Sentry customer (e.g., the maker of the app). We do not control the data that is sent to us through the Sentry service for the purposes of application monitoring.
Am I included?We may disclose your PII to the following type of recipients:
You may have the following rights related to your PII:
If you have any questions or concerns about your privacy at Sentry, please email us at compliance@sentry.io.
If you are a California resident, see our Supplemental notice.