Modules

Filter access to Flask web applications based on originating IP address.

This package contains a minimum viable implementation of a whitelist filter appropriate for restricting access to Heroku-hosted application based on the requestor’s IP address.

This package trusts the last IP address in the X-Forwarded-For header and is therefore appropriate only for applications that are running behind a trusted load balancer.

ipfilter

Restrict access to Flask applications by requestor IP address.

class flask_ipfilter.ipfilter.IPFilter(flask_app=None, ruleset=None)

Bases: object

An IP address filter for Flask applications.

init_app(flask_app)

Connect the whitelist filter to a Flask application.

This is called in the __init__() function if the app parameter is passed at that time, but can be called later in order to allow a whitelist to be set up before the Flask app is created.

Parameters

app – Required reference to the Flask application to which we will apply the filter.

whitelist

IPFilter Whitelist.

class flask_ipfilter.whitelist.Whitelist

Bases: object

A ruleset that denies requests by default.

Hosts and networks will be allowed only if they have been explicitly permitted with the permit() function.

evaluate(ip_address)

Determine whether an IP address is allowed.

Parameters

ip_address – The IP address to check. This must be something that ipaddress can convert into an ip_address.

Returns

True if access should be allowed and False otherwise.

permit(ip_address)

Add a new host or network to the whitelist.

Parameters

ip_address – The IP address to allow. The address parameter accepts anything that the ipaddress module can take as a parameter to ip_address or ip_network.

blacklist

IPFilter Whitelist.

class flask_ipfilter.blacklist.Blacklist

Bases: object

A ruleset that allows requests by default.

Hosts and networks will be denied only if they have been explicitly permitted with the deny() function.

deny(ip_address)

Add a new host or network to the blacklist.

Parameters

ip_address – The IP address to deny. The address parameter accepts anything that the ipaddress module can take as a parameter to ip_address or ip_network.

evaluate(ip_address)

Determine whether an IP address is allowed.

Parameters

ip_address – The IP address to check. This must be something that ipaddress can convert into an ip_address.

Returns

True if access should be allowed and False otherwise.

callback

IPFilter Whitelist.

class flask_ipfilter.callback.Callback(callback)

Bases: object

A ruleset that allows requests by default.

Hosts and networks will be denied only if they have been explicitly permitted with the deny() function.

evaluate(ip_address)

Determine whether an IP address is allowed.

Parameters

ip_address – The IP address to check. This must be something that ipaddress can convert into an ip_address.

Returns

True if access should be allowed and False otherwise.

update(callback)

Update the callback function.