Django RevProxy

0.13.0 · active · verified Fri Apr 17

Django RevProxy (version 0.13.0) is a Django application that provides a robust reverse proxy solution. It allows you to seamlessly proxy external websites or services through your Django application, handling URL rewriting, cookie management, and header forwarding. The library sees active, though irregular, development, with a focus on stability and compatibility with modern Django versions.

Common errors

```
ModuleNotFoundError: No module named 'revproxy'
```
cause `django-revproxy` is either not installed or not included in `INSTALLED_APPS`.

fix Run `pip install django-revproxy` and ensure `'revproxy'` is added to your `INSTALLED_APPS` list in `settings.py`.
```
Proxy returns 404 Not Found or an unexpected page/content from the upstream.
```
cause The `upstream` URL is incorrect, malformed, or the `re_path` regex pattern in `urls.py` does not correctly capture and forward the path to the proxy.

fix Double-check the `upstream` URL for typos, correct scheme (`http://` or `https://`), and trailing slashes. Verify that your `re_path` regex (e.g., `r'^(?P<path>.*)$'`) correctly captures the path portion for the upstream target.
```
Cookies or session data from the proxied site are not working or conflicting with the Django application's cookies.
```
cause The default cookie handling might lead to conflicts between `django-revproxy`'s forwarded cookies and your primary Django application's cookies, or the upstream service expects specific cookie behaviors.

fix Use `REVPROXY_COOKIE_NAME_PREFIX = 'revproxy_'` (or another unique prefix) in your `settings.py` to namespace cookies forwarded by the proxy, preventing clashes. Review other cookie-related `REVPROXY_` settings if further customization is needed.

Warnings

breaking Older Django projects or examples from `django-revproxy` versions prior to 0.10.0 might use `django.conf.urls.url`. Django 2.0+ deprecated `url` in favor of `re_path` for regex-based URL patterns.
Fix: Always use `from django.urls import re_path` and `re_path(...)` for your regex-based proxy URL patterns.
gotcha The default `REVPROXY_HISTORY_STORAGE_BACKEND` is in-memory (`revproxy.history.MemoryHistoryStorage`), which is not suitable for production environments with multiple processes or server restarts as it loses state.
Fix: For production, configure `REVPROXY_HISTORY_STORAGE_BACKEND` in `settings.py` to use a persistent storage like `django.contrib.sessions.backends.db` or a custom database-backed solution. Example: `REVPROXY_HISTORY_STORAGE_BACKEND = 'django.contrib.sessions.backends.db'`
gotcha Proxying external services, especially with user-controlled `upstream` URLs or broad header forwarding, can introduce security vulnerabilities (e.g., SSRF, header injection, information leakage).
Fix: Carefully validate and sanitize any user-provided `upstream` URLs. Explicitly whitelist allowed headers to forward using `REVPROXY_WHITELIST_TABLE_HEADERS` and control cookie forwarding to prevent unintended information disclosure or session conflicts.
gotcha Static assets (CSS, JS, images) from the proxied site might not load correctly if they use relative URLs and the proxy path doesn't align with the original site structure, or if `django-revproxy` isn't configured to rewrite them.
Fix: If assets are not loading, try setting `REVPROXY_FORCE_REWRITE = True` in your `settings.py` to force `django-revproxy` to rewrite URLs in the proxied content. Ensure your `upstream` URL correctly points to the base of the external site.

Install

pip install django-revproxy Install via pip

Imports

RevProxy
```
from revproxy.views import RevProxy
```
path
```
from django.urls import path
```
re_path
```
from django.urls import re_path
```

Quickstart

This quickstart demonstrates how to add `django-revproxy` to your Django project. First, add 'revproxy' to your `INSTALLED_APPS`. Then, define a URL pattern in your `urls.py` that uses `RevProxy.as_view()` to point to an `upstream` URL. This example proxies all requests to `/external/` to `https://www.example.com/`. Remember to set a proper `SECRET_KEY` in production.

# myproject/settings.py
import os

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'revproxy',
]

SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY', 'your-insecure-dev-secret-key')
DEBUG = True
ALLOWED_HOSTS = []

ROOT_URLCONF = 'myproject.urls'

# For simplicity in quickstart, typically more settings would be here

# myproject/urls.py
from django.contrib import admin
from django.urls import path, re_path
from revproxy.views import RevProxy

urlpatterns = [
    path('admin/', admin.site.urls),
    # Proxy all requests under /external/ to example.com
    # Access this at http://localhost:8000/external/
    re_path(r'^external/(?P<path>.*)$', RevProxy.as_view(upstream='https://www.example.com/'))
]

view raw JSON →