Skip to content

blackbull.middleware.proxy

blackbull.middleware.proxy

TrustedProxy

Rewrite scope['client'] and scope['scheme'] from proxy headers.

Applied only when the direct TCP peer matches the configured trusted set, preventing malicious clients from spoofing X-Forwarded-For.

Supported headers (in precedence order):

  1. RFC 7239 Forwardedfor=<ip>; proto=<scheme>
  2. X-Forwarded-For — comma-separated IP chain; leftmost non-trusted IP wins
  3. X-Forwarded-Proto — rewrite scope['scheme']

Parameters:

Name Type Description Default
trusted_proxies list[str] | str | None

IP addresses or CIDR strings (IPv4 or IPv6). Accepts a single string or a list. Defaults to loopback ('127.0.0.1', '::1').

 None

Usage::

app = BlackBull(trusted_proxies=['127.0.0.1', '10.0.0.0/8'])

# or register explicitly for more control:
from blackbull import TrustedProxyMiddleware
app.use(TrustedProxyMiddleware(['127.0.0.1', '::1']))