Hide your Django site behind basic authentication mechanism with IP whitelisting support.
This simple package ships middleware that lets you to set basic authentication and IP whitelisting via Django settings.
This package has been created for staging and demo sites that need to be completely hidden from the Internet behind a password or accessible only to certain IP networks.
Do not depend on this package to protect highly valuable information. This package is at a good way to disable staging sites being discovered by search engines and Internet users trying to access staging sites. It is advised that any sensitive information is protected using Django authentication system.
- Django 1.8, 1.9, 1.10, 1.11, 2.0, 2.1, 2.2 or 3.0.
- Python 3.4, 3.5, 3.6, 3.7 or 3.8.
The package is on PyPI so you can just install it with pip.
pip install django-basic-auth-ip-whitelist
In your Django settings you can configure the following settings:
BASIC_AUTH_LOGIN and BASIC_AUTH_PASSWORD
Credentials that you want to use with your basic authentication.
Set a list of network ranges (strings) compatible with Python’s ipaddress.ip_network that you want to be able to access the website without authentication from. It must be either a string with networks separated by comma or Python iterable.
String specifying the realm of the default response.
MIDDLEWARE += [ 'baipw.middleware.BasicAuthIPWhitelistMiddleware' ] BASIC_AUTH_LOGIN = 'somelogin' BASIC_AUTH_PASSWORD = 'greatpassword' BASIC_AUTH_WHITELISTED_IP_NETWORKS = [ '192.168.0.0/28', '2001:db00::0/24', ]
If you want to have a custom behaviour when getting IP, you can create a custom function that takes request as a parameter and specify path to it in the BASIC_AUTH_GET_CLIENT_IP_FUNCTION settings, e.g.
BASIC_AUTH_GET_CLIENT_IP_FUNCTION = 'utils.ip.get_client_ip'
Set a list of hosts that your website will be open to without basic authentication. This is useful if your website is hosted under multiple domains and you want only one of them to be publicly visible, e.g. by search engines.
This is by no means a security feature. Please do not use to secure your site.
BASIC_AUTH_WHITELISTED_HTTP_HOSTS = [ 'your-public-domain.com', ]
Set a list of paths that your website will serve without basic authentication. This can be used to support API integrations for example with third-party services which don’t support basic authentication.
Paths listed in the setting BASIC_AUTH_WHITELISTED_PATHS are treated as roots, and any subpath will be whitelisted too. For example:
BASIC_AUTH_WHITELISTED_PATHS = [ '/api', ]
If you want to display a different template on the 401 page, please use this setting to point at the template.
BASIC_AUTH_RESPONSE_TEMPLATE = '401.html'
If you want to specify custom response class, you can do so with this setting. Provide the path as a string.
BASIC_AUTH_RESPONSE_CLASS = 'yourmodule.response.CustomUnathorisedResponse'
You can skip the middleware by setting _skip_basic_auth_ip_whitelist_middleware_check attribute on the request to True.
setattr(request, '_skip_basic_auth_ip_whitelist_middleware_check', True)
This may be handy if you have other middleware that you want to have co-existing different middleware that restrict access to the website.
Release history Release notifications | RSS feed
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size||File type||Python version||Upload date||Hashes|
|Filename, size django_basic_auth_ip_whitelist-0.3.4-py3-none-any.whl (8.2 kB)||File type Wheel||Python version py3||Upload date||Hashes View|
|Filename, size django-basic-auth-ip-whitelist-0.3.4.tar.gz (9.3 kB)||File type Source||Python version None||Upload date||Hashes View|
Hashes for django_basic_auth_ip_whitelist-0.3.4-py3-none-any.whl
Hashes for django-basic-auth-ip-whitelist-0.3.4.tar.gz