Django middleware for IP and hostname-based access control
Project description
Django IP Access Control Middleware
A Django middleware for IP and hostname-based access control with support for:
- IP addresses and CIDR ranges from database
- Hostname matching from environment variables
- Automatic same-network detection for Kubernetes
- Route-based access control with regex, exact, startswith, endswith patterns
Features
- Database-driven IP control: Store granted IP addresses and CIDR ranges in the database
- Environment-based hostnames: Configure allowed hostnames via environment variables
- Kubernetes support: Automatic same-network detection for pods in the same cluster
- Flexible route matching: Support for regex, exact match, startswith, and endswith patterns
- Priority-based access control:
- Same network detection (highest priority - allows immediately)
- Hostname matching (from environment variables)
- IP checking (from database)
Installation
pip install django-ip-access-middleware
Or install from source:
pip install -e .
Quick Start
1. Add to INSTALLED_APPS
Add django_ip_access to your INSTALLED_APPS in settings.py:
INSTALLED_APPS = [
# ... other apps
'django_ip_access',
]
2. Add Middleware
Add the middleware to your MIDDLEWARE list in settings.py:
MIDDLEWARE = [
# ... other middleware
'django_ip_access.middleware.IPAccessMiddleware',
# ... other middleware
]
3. Run Migrations
Create and run migrations for the database model:
python manage.py makemigrations django_ip_access
python manage.py migrate django_ip_access
4. Configure Routes
Configure which routes should be protected in settings.py:
IP_ACCESS_MIDDLEWARE_CONFIG = {
'routes': [
{
'pattern': r'^/admin/.*', # regex pattern
'type': 'regex',
},
{
'pattern': '/api/', # starts with
'type': 'startswith',
},
{
'pattern': '.json', # ends with
'type': 'endswith',
},
{
'pattern': '/api/secure/', # exact match
'type': 'exact',
},
],
# Optional: Kubernetes network configuration
'kubernetes_network_range': os.getenv('KUBERNETES_NETWORK_RANGE', ''), # e.g., '10.244.0.0/16'
'pod_ip': os.getenv('POD_IP', ''), # Kubernetes pod IP
}
# Environment variable for allowed hostnames (comma-separated)
ALLOWED_HOSTNAMES_ENV = os.getenv('ALLOWED_HOSTNAMES', '')
# Example: ALLOWED_HOSTNAMES="*.example.com,api.example.com,*.subdomain.com"
5. Add Granted IPs
Use Django admin or create GrantedIP objects to allow IP addresses:
from django_ip_access.models import GrantedIP
# Add a single IP
GrantedIP.objects.create(
ip_address='192.168.1.100',
description='Development server',
is_active=True
)
# Add an IP range (CIDR)
GrantedIP.objects.create(
ip_address='10.0.0.0/24',
description='Internal network',
is_active=True
)
Configuration
Route Types
- regex: Match using regular expressions
- exact: Exact path match
- startswith: Match if path starts with pattern
- endswith: Match if path ends with pattern
Environment Variables
ALLOWED_HOSTNAMES: Comma-separated list of allowed hostnames (supports wildcards like*.example.com)POD_IP: Kubernetes pod IP (optional, for explicit network detection)KUBERNETES_NETWORK_RANGE: Kubernetes network range (optional, e.g.,10.244.0.0/16)
Same Network Detection
The middleware automatically detects if the client IP is on the same network as the server:
- Checks if both IPs are private IPs on the same subnet
- Works automatically without configuration
- Highest priority - if same network is detected, access is allowed immediately
Usage Examples
Protect Admin Routes
IP_ACCESS_MIDDLEWARE_CONFIG = {
'routes': [
{
'pattern': r'^/admin/.*',
'type': 'regex',
},
],
}
Protect API Routes
IP_ACCESS_MIDDLEWARE_CONFIG = {
'routes': [
{
'pattern': '/api/',
'type': 'startswith',
},
],
}
Allow Hostnames from Environment
Set environment variable:
export ALLOWED_HOSTNAMES="*.example.com,api.example.com"
Django Admin
The middleware includes a Django admin interface for managing granted IPs at /admin/:
- View all granted IPs
- Add/edit/delete IP addresses and ranges
- Enable/disable IP entries
- Filter and search
Models
GrantedIP
ip_address: IP address or CIDR range (e.g.,192.168.1.1or192.168.1.0/24)description: Optional descriptionis_active: Enable/disable the IP entrycreated_at: Creation timestampupdated_at: Last update timestamp
Testing
Run the test suite:
python test_middleware.py
python test_integration.py
Requirements
- Python 3.8+
- Django 3.2+
Optional Dependencies
netifaces: For better network interface detection (install withpip install django-ip-access-middleware[dev])
License
MIT License
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Support
For issues and questions, please open an issue on GitHub.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file django_ip_access_middleware-1.0.0.tar.gz.
File metadata
- Download URL: django_ip_access_middleware-1.0.0.tar.gz
- Upload date:
- Size: 12.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9c115ef0953720ac5e6fb906b454f0f49d0a707d127f7150b7ce9a61d425b5f7
|
|
| MD5 |
394b338821d4c51a757a9459657f9e6c
|
|
| BLAKE2b-256 |
99efa3966c6db795af86f2ffdfe143b8d79d4c6cb4ced91944ad22c7de098519
|
File details
Details for the file django_ip_access_middleware-1.0.0-py3-none-any.whl.
File metadata
- Download URL: django_ip_access_middleware-1.0.0-py3-none-any.whl
- Upload date:
- Size: 12.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ddb4cf429f217c6448a0ccf0df58342951fc4e220186552c7409d348281934bf
|
|
| MD5 |
c2ddd8ec31e473ace6997bfa1657dc0d
|
|
| BLAKE2b-256 |
49af90f74183453e043e0e047217c3c01f2e87a30418911b1951d8d56a9c5b72
|
