Skip to main content

A Django middleware to restrict incoming IPs to a Django project.

Project description

Django IP Restriction

Department of International Trade Django IP Whitelist. A Django middleware to restrict incoming IPs to a Django project to a list of allowed IPs or IP ranges. Access to the admin login screen, and access to authenticated users are configurable, so it can be set such that users can authenticate, and bypass the IP restriction for the site.

Requirements

  • Python >= 3.3

  • Django >= 1.9

Quick start

  1. Install the package:

    $ pip install django-ip-restriction
  2. Add the middleware to your settings (Note: the minimum necessary other middleware components are Django’s SessionMiddleware and AuthenticationMiddleware, these are added by default to your settings):

    # Django 1.9
    MIDDLEWARE_CLASSES = [
        ...
        'ip_restriction.IpWhitelister',
        ...
    ]
    
    # Django 1.10+
    MIDDLEWARE = [
        ...
        'ip_restriction.IpWhitelister',
        ...
    ]

Configuration

Turning on or off, and configuring the IP whitelist is done either via variables in your Django settings, or via environment variables. Values in Django settings take preference over values in the environment.

Turning on/off the middleware is done via RESTRICT_IPS, and the default value is False. Either set this variable to True in Django settings, or set a truthy value (e.g. ‘true’, ‘1’) in your environment.

Individual IPs can be whitelisted via ALLOWED_IPS, which is either a list of IP strings in Django settings, or a comma-separated list of IPs in the environment, e.g the following 2 are equivalent:

# in bash (spaces are disregarded, trailing commas are OK)
export ALLOWED_IPS='192.168.0.1, 192.168.0.2,192.168.0.3,'

# in settings.py (will override the above environment variable)
ALLOWED_IPS = ['192.168.0.1', '192.168.0.2', '192.168.0.3']

IP ranges can be whitelisted via ALLOWED_IP_RANGES, which is either a list of IP range strings (CIDR notation) in Django settings, or a comma-separated list of IP ranges in the environment, e.g.:

# in bash
export ALLOWED_IP_RANGES='192.168.0.0/8, 127.0.0.0/2'

# in settings.py
ALLOWED_IPS = ['192.168.0.0/8', '127.0.0.0/2']

Regardless of the IP addresses/rages that are in the whitelist, access for all authenticated users can be allowed with ALLOW_AUTHENTICATED. If true, this will allow any valid sessions past the IP restriction.

Regardless of the IP addresses/rages that are in the whitelist, access to the admin URLs is also allowed past the IP restriction if ALLOW_ADMIN is true.

Setting both ALLOW_ADMIN and ALLOW_AUTHENTICATED to true is recommended, and will allow any user that can log in, to first access only the admin interface in order to authenitcate, and from then have access to all URLs for the project.

Restict Admin views only

To restrict admin views only set the variables RESTRICT_ADMIN_BY_IPS, ALLOWED_ADMIN_IPS and ALLOWED_ADMIN_IP_RANGES

Contributing

Contributions are welcome. Please follow the guidelines below to make life easier:

  • Fork the repo, branch off release, make changes, then make a pull request (PR) to release on the main repo

  • Include documentation for any new features

  • Please limit changes for a PR to a single feature, or a single bugfix
    • Make multiple PRs for multiple discrete changes

  • Please squash commits - ideally a single commit, but at least to a sensible minimum
    • If a PR reasonably should have multiple commits, consider if it should actually be separate PRs

License

MIT licensed. See the bundled LICENSE file for more details.

TODO

  • Allow the IP restriction to work in a blacklisting mode, rather than just a whitelisting mode

  • Get continuous integration to run on multiple python versions from 3.0+
    • Currently only running on 3.5.0

    • Utilise parallelism

  • Run tests on multiple Django versions
    • Currently only running against Django 1.9

    • Utilise parallelism

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-ip-restriction-1.1.1.tar.gz (5.4 kB view details)

Uploaded Source

Built Distribution

django_ip_restriction-1.1.1-py3-none-any.whl (10.6 kB view details)

Uploaded Python 3

File details

Details for the file django-ip-restriction-1.1.1.tar.gz.

File metadata

  • Download URL: django-ip-restriction-1.1.1.tar.gz
  • Upload date:
  • Size: 5.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.5.0.1 requests/2.18.4 setuptools/40.6.3 requests-toolbelt/0.8.0 tqdm/4.30.0 CPython/3.6.7

File hashes

Hashes for django-ip-restriction-1.1.1.tar.gz
Algorithm Hash digest
SHA256 8b10c2ef6de43f99d850c4e7bd0a984ebf82f65e8c6fff0de48e092ade7c8d93
MD5 0ed2db88d305bb7612cc7020b6208f82
BLAKE2b-256 4483f35d56a19b6c2d44a31a6d3a0bb636b58e6b0b3843484334d00f2bf9c083

See more details on using hashes here.

File details

Details for the file django_ip_restriction-1.1.1-py3-none-any.whl.

File metadata

  • Download URL: django_ip_restriction-1.1.1-py3-none-any.whl
  • Upload date:
  • Size: 10.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.5.0.1 requests/2.18.4 setuptools/40.6.3 requests-toolbelt/0.8.0 tqdm/4.30.0 CPython/3.6.7

File hashes

Hashes for django_ip_restriction-1.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 56808533162f9a193706eccbd954ddcd1643e0973f88e176ae5b297a92c56a27
MD5 e95ec71f6a6eeeaf38acf024be666a45
BLAKE2b-256 5549d80e135baf4f5c8ef78766102ca61362a5c467ee3e1fab777b1e02e6f768

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page