Django Banish Plus is a Django middleware app to banish user agents by IP address or User Agent Header. It also supports basic abuse prevention by automatically banning users if they exceed a certain number of requests per minute, which is likely some form of attack or attempted denial of service.
Django Banish Plus stores all banishments in memory to avoid database lookups on every request. It requires memcached, especially for the IP abuse monitoring feature.
Django Banish Plus is based on Django Banish package by Yousef Ourabi.
- Banish requests, by IP or user agent header included blacklist.
- Avoid banish request by whitelist.
- Banish request from TOR network, using TOR IPS database.
- The banish action is configurable, (403 response, redirect or custom template).
- Python 2.7
- Django 1.11
- Memcache or Redis cache system.
- Celery
- celery: 4.1.0
- redis: 2.10.6
- django-redis-cache: 1.7.1
$ git clone [email protected]:intelligenia/django-banish-plus.git
pip install git+ssh://[email protected]:intelligenia/django-banish-plus.git
- Link to config mencached cache system in Django enviroment
- Link to config redis cache system in Django enviroment
Install django-banish. Make sure it is on your PYTHONPATH or in your django project directory.
In your django project settings.py you must set the following options:
-
Add
'banish.middleware.BanishMiddleware'
toMIDDLEWARE_CLASSES
-
Add
'banish'
toINSTALLED_APPS
-
Run
manage.py migrate
to apply database changes and create new tables. -
Add
BANISH_ENABLED = True
to enable Django-Banish (handy if you lock yourself out, you can just set this to False) -
ADD BANISH_EMPTY_UA = True|False
to specify wether requests without a USER_AGENT header will be banned. -
Optionally set
BANISH_ABUSE_THRESHOLD
(default is 75) to the threshold of requests per minute -
Optionally set
BANISH_MESSAGE
(default is "You are banned.") to change default message for banned user. -
Optionally set
BANISH_URL_REDIRECT
to set url to redirect if request is banish. -
Optionally set
BANISH_TEMPLATRE
to render a custom template if request is banish. -
Optionally set
BANISH_RESTRICT_FILTER
= True|False (default False), to specific url patch where banish is applied. -
BANISH_URI_FILTER
is patch where banish is applied if BANISH_RESTRICT_FILTER = True (exampleBANISH_URI_FILTER = '\api'
only protect \api) -
Set
BANISH_ONLY_WHITELIST = True|False
to allow only request from whitelist. -
Set
BANISH_TOR_IPS = True|False
to banish TOR request. -
Set
TOR_IPS_DATABASE
with tor ips database, (example,TOR_IPS_DATABASE = "http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv"
) -
Set
TOR_CACHE_KEY
with cache key. (exampleTOR_CACHE_KEY = "tor-ip-exit-list"
)
Django Banish Plus is released under the Apache Software License, Version 2.0
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under the License.