Update django-ipware configuration flags to new AXES_IPWARE_ prefixes

Use explicit new AXES_IPWARE_ referencing configuration flag names
in place of the old plain implicit AXES_ name prefixes

axes/checks.py

@@ -122,6 +122,12 @@ def axes_deprecation_check(app_configs, **kwargs):  # pylint: disable=unused-arg
     deprecated_settings = [
         "AXES_DISABLE_SUCCESS_ACCESS_LOG",
         "AXES_LOGGER",
+        # AXES_PROXY_ and AXES_META_ parameters were updated to more explicit
+        # AXES_IPWARE_PROXY_ and AXES_IPWARE_META_ prefixes in version 6.x
+        "AXES_PROXY_ORDER",
+        "AXES_PROXY_COUNT",
+        "AXES_PROXY_TRUSTED_IPS",
+        "AXES_META_PRECEDENCE_ORDER",
     ]
 
     for deprecated_setting in deprecated_settings:

axes/conf.py

@@ -108,24 +108,6 @@ settings.AXES_PERMALOCK_MESSAGE = getattr(
     ),
 )
 
-# if your deployment is using reverse proxies, set this value to 'left-most' or 'right-most' per your configuration
-settings.AXES_PROXY_ORDER = getattr(settings, "AXES_PROXY_ORDER", "left-most")
-
-# if your deployment is using reverse proxies, set this value to the number of proxies in front of Django
-settings.AXES_PROXY_COUNT = getattr(settings, "AXES_PROXY_COUNT", None)
-
-# if your deployment is using reverse proxies, set to your trusted proxy IP addresses prefixes if needed
-settings.AXES_PROXY_TRUSTED_IPS = getattr(settings, "AXES_PROXY_TRUSTED_IPS", None)
-
-# set to the names of request.META attributes that should be checked for the IP address of the client
-# if your deployment is using reverse proxies, ensure that the header attributes are securely set by the proxy
-# ensure that the client can not spoof the headers by setting them and sending them through the proxy
-settings.AXES_META_PRECEDENCE_ORDER = getattr(
-    settings,
-    "AXES_META_PRECEDENCE_ORDER",
-    getattr(settings, "IPWARE_META_PRECEDENCE_ORDER", ("REMOTE_ADDR",)),
-)
-
 # set CORS allowed origins when calling authentication over ajax
 settings.AXES_ALLOWED_CORS_ORIGINS = getattr(settings, "AXES_ALLOWED_CORS_ORIGINS", "*")
 
@@ -147,3 +129,44 @@ settings.AXES_HTTP_RESPONSE_CODE = getattr(settings, "AXES_HTTP_RESPONSE_CODE",
 settings.AXES_RESET_COOL_OFF_ON_FAILURE_DURING_LOCKOUT = getattr(
     settings, "AXES_RESET_COOL_OFF_ON_FAILURE_DURING_LOCKOUT", True
 )
+
+
+###
+# django-ipware settings for client IP address calculation and proxy detection
+# there are old AXES_PROXY_ and AXES_META_ legacy keys present for backwards compatibility
+# see https://github.com/un33k/django-ipware for further details
+###
+
+# if your deployment is using reverse proxies, set this value to 'left-most' or 'right-most' per your configuration
+settings.AXES_IPWARE_PROXY_ORDER = getattr(
+    settings,
+    "AXES_IPWARE_PROXY_ORDER",
+    getattr(settings, "AXES_PROXY_ORDER", "left-most"),
+)
+
+# if your deployment is using reverse proxies, set this value to the number of proxies in front of Django
+settings.AXES_IPWARE_PROXY_COUNT = getattr(
+    settings,
+    "AXES_IPWARE_PROXY_COUNT",
+    getattr(settings, "AXES_PROXY_COUNT", None),
+)
+
+# if your deployment is using reverse proxies, set to your trusted proxy IP addresses prefixes if needed
+settings.AXES_IPWARE_PROXY_TRUSTED_IPS = getattr(
+    settings,
+    "AXES_IPWARE_PROXY_TRUSTED_IPS",
+    getattr(settings, "AXES_PROXY_TRUSTED_IPS", None),
+)
+
+# set to the names of request.META attributes that should be checked for the IP address of the client
+# if your deployment is using reverse proxies, ensure that the header attributes are securely set by the proxy
+# ensure that the client can not spoof the headers by setting them and sending them through the proxy
+settings.AXES_IPWARE_META_PRECEDENCE_ORDER = getattr(
+    settings,
+    "AXES_IPWARE_META_PRECEDENCE_ORDER",
+    getattr(
+        settings,
+        "AXES_META_PRECEDENCE_ORDER",
+        getattr(settings, "IPWARE_META_PRECEDENCE_ORDER", ("REMOTE_ADDR",)),
+    ),
+)

axes/helpers.py

@@ -192,10 +192,10 @@ def get_client_ip_address(
 
         client_ip_address, _ = ipware.ip.get_client_ip(
             request,
-            proxy_order=settings.AXES_PROXY_ORDER,
-            proxy_count=settings.AXES_PROXY_COUNT,
-            proxy_trusted_ips=settings.AXES_PROXY_TRUSTED_IPS,
-            request_header_order=settings.AXES_META_PRECEDENCE_ORDER,
+            proxy_order=settings.AXES_IPWARE_PROXY_ORDER,
+            proxy_count=settings.AXES_IPWARE_PROXY_COUNT,
+            proxy_trusted_ips=settings.AXES_IPWARE_PROXY_TRUSTED_IPS,
+            request_header_order=settings.AXES_IPWARE_META_PRECEDENCE_ORDER,
         )
         return client_ip_address
 

docs/4_configuration.rst

@@ -103,8 +103,8 @@ and uses some conservative configuration parameters by default for security.
 If you are using reverse proxies, you will need to configure one or more of the
 following settings to suit your set up to correctly resolve client IP addresses:
 
-* ``AXES_PROXY_COUNT``: The number of reverse proxies in front of Django as an integer. Default: ``None``
-* ``AXES_META_PRECEDENCE_ORDER``: The names of ``request.META`` attributes as a tuple of strings
+* ``AXES_IPWARE_PROXY_COUNT``: The number of reverse proxies in front of Django as an integer. Default: ``None``
+* ``AXES_IPWARE_META_PRECEDENCE_ORDER``: The names of ``request.META`` attributes as a tuple of strings
   to check to get the client IP address. Check the Django documentation for header naming conventions.
   Default: ``IPWARE_META_PRECEDENCE_ORDER`` setting if set, else ``('REMOTE_ADDR', )``
 
@@ -114,7 +114,7 @@ following settings to suit your set up to correctly resolve client IP addresses:
    .. code-block:: python
 
       # refer to the Django request and response objects documentation
-      AXES_META_PRECEDENCE_ORDER = [
+      AXES_IPWARE_META_PRECEDENCE_ORDER = [
           'HTTP_X_FORWARDED_FOR',
           'REMOTE_ADDR',
       ]