Skip to main content

Hide your Django site behind basic authentication mechanism with IP whitelisting support.

Project description

This simple package ships middleware that lets you to set basic auth and IP whitelisting via settings.

Use case

This package has been created in mind for staging and demo sites that need to be completely hidden from the Internet behind a password or IP range.

Requirements

  • Django 1.11 and 2
  • Python 3.4, 3.5, 3.6, 3.7

Installation

The package is on PyPI.

pip install django-basic-auth-ip-whitelist

Configuration

In your Django settings you can configure the following settings.

BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD

Credentials that you want to use with your basic authentication.

BASIC_AUTH_WHITELISTED_IP_NETWORKS

Set a list of network ranges (strings) compatible with Python’s ipaddress.ip_network that you want to be able to access the website without authentication from. It must be either a string with networks separated by comma or Python iterable.

BASIC_AUTH_REALM

String specifying the realm of the default response.

Example settings

MIDDLEWARE += [
    'baipw.middleware.BasicAuthIPWhitelistMiddleware'
]
BASIC_AUTH_LOGIN = 'somelogin'
BASIC_AUTH_PASSWORD = 'greatpassword'
BASIC_AUTH_WHITELISTED_IP_NETWORKS = [
    '192.168.0.0/28',
    '2001:db00::0/24',
]

Advanced customisation

Getting IP

If you want to have a custom behaviour when getting IP, you can create a custom function that takes request as a parameter and specify path to it in the BASIC_AUTH_GET_CLIENT_IP_FUNCTION settings, e.g.

BASIC_AUTH_GET_CLIENT_IP_FUNCTION = 'utils.ip.get_client_ip'

BASIC_AUTH_WHITELISTED_HTTP_HOSTS

Set a list of hosts that your website will be open to without basic authentication. This is useful if your website is hosted under multiple domains and you want only one of them to be publicly visible, e.g. by search engines.

This is by no means a security feature. Please do not use to secure your site.

BASIC_AUTH_WHITELISTED_HTTP_HOSTS = [
    'your-public-domain.com',
]

BASIC_AUTH_RESPONSE_TEMPLATE

If you want to display a different template on the 401 page, please use this setting to point at the template.

BASIC_AUTH_RESPONSE_TEMPLATE = '401.html'

BASIC_AUTH_RESPONSE_CLASS

If you want to specify custom response class, you can do so with this setting. Provide the path as a string.

BASIC_AUTH_RESPONSE_CLASS = 'yourmodule.response.CustomUnathorisedResponse'

Skip middleware

You can skip the middleware by setting _skip_basic_auth_ip_whitelist_middleware_check attribute on the request to True.

setattr(request, '_skip_basic_auth_ip_whitelist_middleware_check', True)

This may be handy if you have other middleware that you want to have co-existing different middleware that restrict access to the website.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
django_basic_auth_ip_whitelist-0.2.1-py3-none-any.whl (10.1 kB) Copy SHA256 hash SHA256 Wheel py3 Jul 20, 2018
django-basic-auth-ip-whitelist-0.2.1.tar.gz (7.2 kB) Copy SHA256 hash SHA256 Source None Jul 20, 2018

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page