{ "info": { "author": "Victor Semionov", "author_email": "vsemionov@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Environment :: Web Environment", "Framework :: Django", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python :: 3", "Topic :: Internet :: WWW/HTTP", "Topic :: Security" ], "description": "# Django Blacklist\n\nBlacklist users and hosts in Django. Automatically blacklist rate-limited clients.\n\n\n## Overview\n\nDjango Blacklist allows you to block specific users and IP addresses/networks from accessing your application.\nClients can be blocked manually from the admin interface, or automatically after exceeding a request rate limit.\nThe blacklist rules are applied for a specific duration.\n\n\n## Installation\n\nTo install the package, run:\n```\n$ pip install django-blacklist\n```\n\nAdd the `blacklist` application to `INSTALLED_APPS`:\n```\nINSTALLED_APPS = [\n ...\n 'blacklist'\n]\n```\n\nAdd the `blacklist_middleware` middleware after `AuthenticationMiddleware`:\n```\nMIDDLEWARE = [\n ...\n 'django.contrib.auth.middleware.AuthenticationMiddleware',\n 'blacklist.middleware.blacklist_middleware',\n ...\n]\n```\n\nApply the blacklist database migrations:\n```\n$ python manage.py migrate blacklist\n```\n\n\n## Usage\n\nYou can manage the blacklist rules from the admin. Changes take effect after restarting the server.\nA rule can target a user or an IP address.\nYou can also target IP networks (ranges) by specifying the optional prefixlen field (number of network prefix bits).\nEach rule has a specific duration. After that duration passes, rules expire automatically, without a restart.\nWhen a request is rejected due to a matching rule, an response with HTTP status 400 (bad request) is returned,\nand an error is output from logger `django.security`.\n\n### Removing Expired Rules\n\nExpired rules are not automatically removed from the database.\nThey can be cleaned up with the included management command `trim_blacklist`:\n```\n$ python manage.py trim_blacklist [-c ] [-e ]\n```\nThe options `-c` and `-e` specify the minimum ages of creation and expiry, respectively.\n\n\n## Automatic Blacklisting\n\nClients can be blacklisted automatically, after exceeding a specified request rate limit.\nThis feature requires [django-ratelimit](https://github.com/jsocol/django-ratelimit).\n\nFirst, rate-limit a view by applying the `@ratelimit` decorator. Make sure to set `block=False`.\nThen, blacklist rate-limited clients by adding the `@blacklist_ratelimited` decorator. Specify the blacklist duration.\nFor example:\n```\nfrom datetime import timedelta\nfrom ratelimit.decorators import ratelimit\nfrom blacklist.ratelimit import blacklist_ratelimited\n\n@ratelimit(key='user_or_ip', rate='50/m', block=False)\n@blacklist_ratelimited(timedelta(minutes=30))\ndef index(request):\n ...\n```\n\nAutomatic rules take effect immediately, without a restart.\nIf the request comes from an authenticated user, the rule will target that user.\nOtherwise, it will target their IP address.\n***\nNote: The client IP address is taken from the `REMOTE_ADDR` value of `request.META`.\nIf your application is behind one or more reverse proxies, this will, by default,\nalways be the address of the nearest proxy.\nTo avoid blacklisting all clients, you can set `REMOTE_ADDR` from the `X-Forwarded-For` header in middleware.\nHowever, keep in mind that this header can be forged to bypass the rate limits.\nTo counter that, you can use the last address in that header.\nIf you are behind two proxies, use the second to last, etc.\n***\n\n`@blacklist_ratelimited` accepts two arguments: `(duration, block=True)`.\n* `duration` can be a `timedelta` object, or a tuple of two separate durations\n(for user-based and IP-based rules).\n* `block` specifies if the request should be rejected immediately, or passed to the view.\n\nAutomatic rules will have a comment that contains the ID of the request, which triggered the creation of the rule,\nand the \"request line\".\nThe request ID is added only if available. Django does not generate request IDs.\nFor that purpose, you can install [django-log-request-id](https://github.com/dabapps/django-log-request-id).\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/vsemionov/django-blacklist", "keywords": "django blacklist ratelimit firewall", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "django-blacklist", "package_url": "https://pypi.org/project/django-blacklist/", "platform": "", "project_url": "https://pypi.org/project/django-blacklist/", "project_urls": { "Homepage": "https://github.com/vsemionov/django-blacklist" }, "release_url": "https://pypi.org/project/django-blacklist/0.1.2/", "requires_dist": [ "Django" ], "requires_python": "", "summary": "Blacklist users and hosts in Django. Automatically blacklist rate-limited clients.", "version": "0.1.2" }, "last_serial": 5435044, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "157558275e6c14f153fb919611b4ddba", "sha256": "cd8555cfa139d117a3192909489a0b7da6d5907b112315553d1aebae2dc74d78" }, "downloads": -1, "filename": "django_blacklist-0.1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "157558275e6c14f153fb919611b4ddba", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 7591, "upload_time": "2019-06-13T06:43:44", "url": "https://files.pythonhosted.org/packages/ac/4e/c2ba8a9e4f631a0d1b686d124f784d09cab4e76fd8323917f8df8fe961b7/django_blacklist-0.1.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "5e09a4bb6c65f8032ab591c7fc75ca38", "sha256": "5b151c541b6dfd64c86f450d513177bc3ad6946ffeefed2222918e7169568f45" }, "downloads": -1, "filename": "django-blacklist-0.1.0.tar.gz", "has_sig": false, "md5_digest": "5e09a4bb6c65f8032ab591c7fc75ca38", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5459, "upload_time": "2019-06-13T06:43:46", "url": "https://files.pythonhosted.org/packages/5d/c1/624e062a6f739fcaf9c0617501387156340a01f4ea9e73207b26bf53747e/django-blacklist-0.1.0.tar.gz" } ], "0.1.1": [ { "comment_text": "", "digests": { "md5": "b681edc9ef326c09f157cacd807cc37b", "sha256": "1a7a292b0b3e84ba9fa0d8737e0dad863f11e2841e0e4587019f9f53d5b551fd" }, "downloads": -1, "filename": "django_blacklist-0.1.1-py3-none-any.whl", "has_sig": false, "md5_digest": "b681edc9ef326c09f157cacd807cc37b", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 7648, "upload_time": "2019-06-13T08:20:30", "url": "https://files.pythonhosted.org/packages/b7/43/4e46355c47d96db1b4ddf8d75c7973abaa12b1c64f47dbb6e8804ee3842e/django_blacklist-0.1.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "1b70a6b004bb1378e49c2368138c74e1", "sha256": "d930a711ef5be93f82d99aa7fae386127e1b1711aa8cee77bc06fdfc95708b5c" }, "downloads": -1, "filename": "django-blacklist-0.1.1.tar.gz", "has_sig": false, "md5_digest": "1b70a6b004bb1378e49c2368138c74e1", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5487, "upload_time": "2019-06-13T08:20:32", "url": "https://files.pythonhosted.org/packages/d5/b5/cfe2c547eb4dfcf0b69722f9f147a64f65687de87bae1a0c07cf14e06ca9/django-blacklist-0.1.1.tar.gz" } ], "0.1.2": [ { "comment_text": "", "digests": { "md5": "1a1e917343bd1a0d50bba9190711f230", "sha256": "59ec24a088ba243208f9f8062449f43ebc101f3b952465f75ee711cc26eab3b2" }, "downloads": -1, "filename": "django_blacklist-0.1.2-py3-none-any.whl", "has_sig": false, "md5_digest": "1a1e917343bd1a0d50bba9190711f230", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 8332, "upload_time": "2019-06-22T16:01:00", "url": "https://files.pythonhosted.org/packages/f4/61/65df569174bf71d039ce21f2af41a7e3c1fa1c96fb2774888298704a55db/django_blacklist-0.1.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "32174b3cb4a6bb7268a7ada6f9e7b39d", "sha256": "2ba4586594488015e2464f6626533cc8e4217cf30d47cb33cb3c6461b1660706" }, "downloads": -1, "filename": "django-blacklist-0.1.2.tar.gz", "has_sig": false, "md5_digest": "32174b3cb4a6bb7268a7ada6f9e7b39d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5914, "upload_time": "2019-06-22T16:01:01", "url": "https://files.pythonhosted.org/packages/c8/9d/311708113da10fcc0234f16f4ce34135626f08d5312d6ecbea09ace0e7dc/django-blacklist-0.1.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "1a1e917343bd1a0d50bba9190711f230", "sha256": "59ec24a088ba243208f9f8062449f43ebc101f3b952465f75ee711cc26eab3b2" }, "downloads": -1, "filename": "django_blacklist-0.1.2-py3-none-any.whl", "has_sig": false, "md5_digest": "1a1e917343bd1a0d50bba9190711f230", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 8332, "upload_time": "2019-06-22T16:01:00", "url": "https://files.pythonhosted.org/packages/f4/61/65df569174bf71d039ce21f2af41a7e3c1fa1c96fb2774888298704a55db/django_blacklist-0.1.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "32174b3cb4a6bb7268a7ada6f9e7b39d", "sha256": "2ba4586594488015e2464f6626533cc8e4217cf30d47cb33cb3c6461b1660706" }, "downloads": -1, "filename": "django-blacklist-0.1.2.tar.gz", "has_sig": false, "md5_digest": "32174b3cb4a6bb7268a7ada6f9e7b39d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5914, "upload_time": "2019-06-22T16:01:01", "url": "https://files.pythonhosted.org/packages/c8/9d/311708113da10fcc0234f16f4ce34135626f08d5312d6ecbea09ace0e7dc/django-blacklist-0.1.2.tar.gz" } ] }