A middleware that secures URLs.
Project description
Django SSL Slapper
===================
Django-SSL-Slapper is a middleware that allows you to set URLs to SSL only. It can also redirect anonymous users off your https service onto your http. Logged-in users may also be directed to https.
Django-SSL-Slapper can also use the cache to count the number of login attempts and slap away excessive entries (default more than 20 per minute). The user account is temporarily locked for a timer period (default 1 minute). The default settings should disrupt automated attempts for entry without bothering even the quickest users.
Installation
------------
```pip install django-ssl-slapper```
Add ```'ssl_slapper.middleware.ssl_redirect'``` to the middleware list in your Django settings file for redirection.
Add ```'ssl_slapper.middleware.rate_limit'``` to the middleware list in your Django settings file for rate limiting. You will want to enable memcache for this.
It is recommended that you set ```SESSION_COOKIE_SECURE = True``` so that the session cookie is only sent over https, ensuring that your site uses https only for authenticated users.
That's it! The middleware should automatically detect your login pages and slap away!
SSL_Redirect Settings
--------
```SSL_SLAPPER_SSL_ONLY_PAGES = (reverse(django.contrib.auth.views.login), [[any admin pages]])``` Add to this list any pages that you want to always redirect to https.
```SSL_SLAPPER_SSL_REDIRECT_ANONYMOUS=True``` Set to true to redirect anonymous users to http.
```SSL_SLAPPER_SSL_REDIRECT_AUTHENTICATED=True``` Set to true to redirect authenticated users to https.
```SSL_REDIRECT_COOKIE= 'logged-in'``` Set to the name you want for the cookie that identifies logged-in users.
```SSL_SLAPPER_SSL_IGNORE_PAGES=None``` Set to a list containing any URLs, for example API URLs, that should not be redirected.
SSL_Rate_Limit Settings
--------
```SSL_SLAPPER_RATE_LIMIT_PAGES = SSL_ONLY_PAGES``` Add to this list any pages that you want to rate limit.
```SSL_SLAPPER_RATE_LIMIT_MINUTES=1``` Minutes to wait before the login counter is reset.
```SSL_SLAPPER_RATE_LIMIT_KEY_FIELD='username'``` Field, if present, used to track login attempts. If missing, the IP address is used.
```SSL_SLAPPER_RATE_LIMIT_MAX_REQUESTS=20``` Set to the maximum number of requests within the RATE_LIMIT_MINUTES before the account will be locked.
```SSL_SLAPPER_RATE_LIMIT_CACHE_PREFIX='rl-'``` Cache prefix for rate limit cache
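
The counting scheme these settings describe, as an added example that is not the project's own code: a fixed-window counter keyed on the submitted username, falling back to the client IP. `TTLCache` is a hypothetical in-memory stand-in for memcache, and the username normalisation and fixed-window expiry are assumptions rather than documented behaviour.

```python
import time

# Constants mirror the defaults documented in the settings above.
RATE_LIMIT_MINUTES = 1
RATE_LIMIT_MAX_REQUESTS = 20
RATE_LIMIT_KEY_FIELD = "username"
RATE_LIMIT_CACHE_PREFIX = "rl-"


class TTLCache:
    """Minimal in-memory stand-in for memcache (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._data = {}  # key -> (count, expires_at)

    def incr_or_start(self, key, ttl):
        """Increment key; start a new window at 1 if absent or expired."""
        now = self._clock()
        count, expires = self._data.get(key, (0, 0.0))
        if now >= expires:
            # Window elapsed: the counter resets and a new window begins.
            count, expires = 0, now + ttl
        self._data[key] = (count + 1, expires)
        return count + 1


def rate_limit_key(post_data, remote_addr):
    """Key on the submitted username when present, otherwise on the IP."""
    # Assumption: trim and lowercase so "Alice " and "alice" share a counter.
    ident = (post_data.get(RATE_LIMIT_KEY_FIELD) or "").strip().lower()
    return RATE_LIMIT_CACHE_PREFIX + (ident or remote_addr)


def allow_attempt(cache, post_data, remote_addr):
    """Return True while the key is within its per-window request budget."""
    key = rate_limit_key(post_data, remote_addr)
    count = cache.incr_or_start(key, RATE_LIMIT_MINUTES * 60)
    # Attempts beyond the maximum are refused until the window expires.
    return count <= RATE_LIMIT_MAX_REQUESTS
```

In this sketch the counter follows the username across client addresses, so a distributed guessing run against one account is throttled, but it also means repeated bad logins from anywhere lock that account for the window.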