Django app to restrict client access

Project description

Django Client Whitelist

Django Client Whitelist is a middleware that restricts access to certain endpoints in a Django app to a predefined list of client hosts. It is a simple and effective solution to improve the security of your application.

Problem

In a production environment, it is crucial to restrict access to API endpoints to only those hosts that are authorized to access them. Unauthorized access can lead to malicious attacks and compromise the security of your Django application.

Solution

Django Client Whitelist provides a solution to this problem by allowing you to create a predefined list of client hosts that are allowed to access the API. With this middleware in place, you can be sure that only authorized hosts can request your API endpoints, making your application more secure.

Installation

Install Django Client Whitelist using pip:

pip install django-client-whitelist

Add client_whitelist to your INSTALLED_APPS:

# settings.py
INSTALLED_APPS = [
    # ...
    'client_whitelist',
    # ...
]

Add ClientWhitelistMiddleware to your middleware stack:

# settings.py
MIDDLEWARE = [
    # ...
    'client_whitelist.middleware.ClientWhitelistMiddleware',
    # ...
]

Usage

Define the PROTECTED_ENDPOINTS and ALLOWED_CLIENT_HOSTS settings in your settings file:

# settings.py
PROTECTED_ENDPOINTS = [
    '/admin/',
    '/api/',
]

ALLOWED_CLIENT_HOSTS = [
    'example.com',
    '192.168.1.1',
]

Note: In a development environment, it may be convenient to allow requests from any client host:

ALLOWED_CLIENT_HOSTS = ['*']

However, it is important to note that this should not be used in a production environment as it undermines the security measures provided by Django Client Whitelist. It is recommended to use a predefined list of client hosts that are authorized to access the API in a production environment.

Once you have installed and configured Django Client Whitelist, it will start protecting your endpoints immediately. Any requests to a protected endpoint from a client host that is not in the allowed list will result in a 403 Forbidden response.
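
The wildcard shown above is the setting most likely to survive from a development settings file into production. The following pre-deployment audit of the documented settings is an added example, not code from the django-client-whitelist project; the function names, the finding format, and the use of DEBUG=False as the marker for production are assumptions of this example.

```python
from types import SimpleNamespace

APP = "client_whitelist"
MIDDLEWARE = "client_whitelist.middleware.ClientWhitelistMiddleware"


def audit_client_whitelist(settings):
    """Return (severity, message) findings for a Django-style settings object."""
    findings = []
    hosts = list(getattr(settings, "ALLOWED_CLIENT_HOSTS", None) or [])
    endpoints = list(getattr(settings, "PROTECTED_ENDPOINTS", None) or [])

    if APP not in getattr(settings, "INSTALLED_APPS", []):
        findings.append(("error", f"{APP} is missing from INSTALLED_APPS"))
    if MIDDLEWARE not in getattr(settings, "MIDDLEWARE", []):
        findings.append(("error", "ClientWhitelistMiddleware is missing from MIDDLEWARE"))
    if not endpoints:
        findings.append(("error", "PROTECTED_ENDPOINTS is missing or empty"))
    if not hosts:
        findings.append(("error", "ALLOWED_CLIENT_HOSTS is missing or empty"))
    if "*" in hosts:
        # Assumption of this example: DEBUG=False marks a production deployment.
        if getattr(settings, "DEBUG", False):
            findings.append(("warning", "'*' allows any client host (development only)"))
        else:
            findings.append(("error", "'*' in ALLOWED_CLIENT_HOSTS with DEBUG=False"))
    return findings


def has_errors(findings):
    """True when at least one finding should block a deployment."""
    return any(severity == "error" for severity, _ in findings)


# Constructed sample settings, reusing the values shown on this page.
_BASE = dict(
    INSTALLED_APPS=["client_whitelist"],
    MIDDLEWARE=[MIDDLEWARE],
    PROTECTED_ENDPOINTS=["/admin/", "/api/"],
)
PRODUCTION = SimpleNamespace(DEBUG=False, ALLOWED_CLIENT_HOSTS=["example.com", "192.168.1.1"], **_BASE)
DEVELOPMENT = SimpleNamespace(DEBUG=True, ALLOWED_CLIENT_HOSTS=["*"], **_BASE)
LEAKED_WILDCARD = SimpleNamespace(DEBUG=False, ALLOWED_CLIENT_HOSTS=["*"], **_BASE)

if __name__ == "__main__":
    for name, cfg in [("production", PRODUCTION), ("development", DEVELOPMENT),
                      ("leaked wildcard", LEAKED_WILDCARD)]:
        print(name, audit_client_whitelist(cfg))
```

In a Django project, pass django.conf.settings to audit_client_whitelist from a release step and stop the deployment when has_errors returns True.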

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

License

MIT

Source Distribution

django-client-whitelist-0.2.tar.gz (3.9 kB view details)

Uploaded Source

File details

Details for the file django-client-whitelist-0.2.tar.gz.

File metadata

  • Download URL: django-client-whitelist-0.2.tar.gz
  • Upload date:
  • Size: 3.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.7

File hashes

Hashes for django-client-whitelist-0.2.tar.gz
Algorithm Hash digest
SHA256 797cbfcc7c0fa304d75d4c351e2cdab0760797fa4a510da43332edd9f68951b4
MD5 a0f2ecce9817a856f53e4b66230cee29
BLAKE2b-256 6bc9eb126a09d446bd097eeb5de45d2083c9b5f3fef32521ceecfc77d3c77f54
