A middleware that secures URLs.

Project description

Django SSL Slapper
===================

Django-SSL-Slapper is a middleware that lets you restrict URLs to SSL only. It can also redirect anonymous users off your https service onto your http. Logged-in users may also be directed to https.

Django-SSL-Slapper can also use the cache to count the number of login attempts and slap away excessive entries (default: more than 20 per minute). The user account is temporarily locked for a timed period (default: 1 minute). The default settings should disrupt automated attempts for entry without bothering even the quickest users.

Installation
------------

```pip install django-ssl-slapper```

Add ```'ssl_slapper.middleware.ssl_redirect'``` to middleware in your django settings file for redirection

Add ```'ssl_slapper.middleware.rate_limit'``` to middleware in your django settings file for rate_limiting. You will want to enable memcache for this.

It is recommended that you set ```SESSION_COOKIE_SECURE = True``` to ensure that your site is secured to use https only for authenticated users.

That's it! The middleware should automatically detect your login pages and slap away!

SSL_Redirect Settings
--------

```SSL_SLAPPER_SSL_ONLY_PAGES = (reverse(django.contrib.auth.views.login), [[any admin pages]])``` Add to this list any pages that you want to always redirect to https.

```SSL_SLAPPER_SSL_REDIRECT_ANONYMOUS=True``` Set to true to redirect anonymous users to http.

```SSL_SLAPPER_SSL_REDIRECT_AUTHENTICATED=True``` Set to true to redirect authenticated users to https.

```SSL_REDIRECT_COOKIE= 'logged-in'``` Set to the name you want for the cookie to identify logged-in users

```SSL_SLAPPER_SSL_IGNORE_PAGES=None``` Set to a list containing any URLs, for example API URLs, that should not be redirected.

SSL_Rate_Limit Settings
--------

```SSL_SLAPPER_RATE_LIMIT_PAGES = SSL_ONLY_PAGES``` Add to this list any pages that you want to rate limit.

```SSL_SLAPPER_RATE_LIMIT_MINUTES=1``` Minutes to wait before the login counter is reset.

```SSL_SLAPPER_RATE_LIMIT_KEY_FIELD='username'``` Field, if present, used to track login attempts. If it is missing, the IP address is used instead.

```SSL_SLAPPER_RATE_LIMIT_MAX_REQUESTS=20``` Set to the maximum number of requests within the RATE_LIMIT_MINUTES before the account will be locked.

```SSL_SLAPPER_RATE_LIMIT_CACHE_PREFIX='rl-'``` Cache prefix for the rate limit cache.
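
The counting behaviour these settings describe, sketched as an added example (not django-ssl-slapper's own code): a fixed-window counter keyed by the submitted username, falling back to the client IP address. The `ExpiringCache` stand-in for memcache, the function names and the hashing of the cache key are assumptions made here; only the setting names and defaults come from the page.

```python
import hashlib
import time

# Defaults mirror the settings documented above; the logic below is assumed.
RATE_LIMIT_MINUTES = 1
RATE_LIMIT_KEY_FIELD = "username"
RATE_LIMIT_MAX_REQUESTS = 20
RATE_LIMIT_CACHE_PREFIX = "rl-"

class ExpiringCache:
    """Hypothetical stand-in for memcache: entries vanish after a timeout."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._data = {}

    def get(self, key):
        value, expires = self._data.get(key, (None, 0))
        if expires <= self._clock():
            self._data.pop(key, None)
            return None
        return value

    def add(self, key, value, timeout):
        """Store only if the key is absent, like memcache add()."""
        if self.get(key) is not None:
            return False
        self._data[key] = (value, self._clock() + timeout)
        return True

    def incr(self, key):
        value, expires = self._data[key]
        self._data[key] = (value + 1, expires)  # expiry is not extended
        return value + 1

def rate_limit_key(post_data, remote_addr):
    """Track by the key field if it was submitted, otherwise by IP address."""
    ident = post_data.get(RATE_LIMIT_KEY_FIELD) or remote_addr
    # Hashing keeps client-supplied text within memcache's key restrictions.
    digest = hashlib.sha256(ident.encode("utf-8")).hexdigest()
    return RATE_LIMIT_CACHE_PREFIX + digest

def allow_attempt(cache, post_data, remote_addr):
    """Count one login attempt; False means the request should be rejected."""
    key = rate_limit_key(post_data, remote_addr)
    # add() opens a new window; if one is already open, count within it.
    if cache.add(key, 1, RATE_LIMIT_MINUTES * 60):
        return True
    return cache.incr(key) <= RATE_LIMIT_MAX_REQUESTS
```

Because the counter's expiry is set once by `add()` and never extended, the lock clears when the window that began with the first attempt runs out.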



Download files

Source Distribution

django-ssl-slapper-1.2.tar.gz (5.6 kB)

Uploaded Source

Built Distributions

django_ssl_slapper-1.2-py2.py3-none-any.whl (6.8 kB)

Uploaded Python 2 Python 3

django_ssl_slapper-1.2-py2-none-any.whl (6.8 kB)

Uploaded Python 2
