Zope trusted-proxy directive with wildcards or CIDR

Hello. I am having to add a large pool of trusted proxies to my Zope Configuration. The trusted-proxy directive is described here: https://zope.readthedocs.io/en/latest/operation.html#zope-configuration-reference.

I would rather not have to add a whole CIDR range of 255 addresses to the buildout config, and I am wondering if there is a wildcard syntax that is accepted. The (*) in the doc I link above has me wonder if I can accept from all.

Please if anyone has insight it would be very helpful as the proxy addresses are in a dynamically leased pool for a client. So I do have to add all 255. Thank you in advance.

The * (in the documentation) indicates a so called multikey, i.e. a key which can occur more than a single time. It does not indicate that wildcards are supported.

The datatype (ipaddr-or-hostname in this case) determines what values are accepted. ipaddr-or-hostname is defined by ZConfig.datatypes.IpaddrOrHostname and supports (as the name indicates) IP addresses (IP4 and IP6) and host names (and no wildcards, nor "net addresses").

You might be able to use the hostname (rather than IP addresses) - provided that the variable client address is bound to a fix hostname. I have not found where the hostname is mapped to IP addresses, but it happens likely during startup; this could mean that using "hostname" is not an option for you.

Thank you so much for your reply. Your insight is incredibly helpful.

Plone Foundation Code of Conduct