A middleware that secures URLs.

Django SSL Slapper
===================

Django-SSL-Slapper is a middleware that lets you mark URLs as SSL-only. It can also redirect anonymous users off your https service onto http, and direct logged-in users to https.

Django-SSL-Slapper can also use the cache to count login attempts and slap away excessive entries (by default, more than 20 per minute). The user account is temporarily locked for a timer period (default 1 minute). The default settings should disrupt automated attempts at entry without bothering even the quickest users.

Installation
------------

```pip install django-ssl-slapper```

Add ```'ssl_slapper.middleware.ssl_redirect'``` to the middleware in your Django settings file for redirection.

Add ```'ssl_slapper.middleware.rate_limit'``` to the middleware in your Django settings file for rate limiting. You will want to enable memcache for this.

It is recommended that you set ```SESSION_COOKIE_SECURE = True``` so that the session cookie is only sent over https, keeping authenticated sessions on https.

That's it! The middleware should automatically detect your login pages and slap away!

SSL_Redirect Settings
--------

```SSL_SLAPPER_SSL_ONLY_PAGES = (reverse(django.contrib.auth.views.login), [[any admin pages]])``` Add to this list any pages that you want to always redirect to https.

```SSL_SLAPPER_SSL_REDIRECT_ANONYMOUS=True``` Set to true to redirect anonymous users to http.

```SSL_SLAPPER_SSL_REDIRECT_AUTHENTICATED=True``` Set to true to redirect authenticated users to https.

```SSL_REDIRECT_COOKIE= 'logged-in'``` Set to the name you want for the cookie that identifies logged-in users.

SSL_Rate_Limit Settings
--------

```SSL_SLAPPER_RATE_LIMIT_PAGES = SSL_ONLY_PAGES``` Add to this list any pages that you want to rate limit.

```SSL_SLAPPER_RATE_LIMIT_MINUTES=1``` Minutes to wait before the login counter is reset.

```SSL_SLAPPER_RATE_LIMIT_KEY_FIELD='username'``` Field, if present, used to track login attempts. If missing, the IP address is used instead.

```SSL_SLAPPER_RATE_LIMIT_MAX_REQUESTS=20``` Set to the maximum number of requests within the RATE_LIMIT_MINUTES before the account will be locked.

```SSL_SLAPPER_RATE_LIMIT_CACHE_PREFIX='rl-'``` Cache prefix for the rate limit cache.
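
As an added illustration (not Django-SSL-Slapper's own code), this example shows the kind of cache-backed login counter the rate-limit settings above describe, using their default values. The `TTLCache` class is a constructed in-memory stand-in for memcache, the function names are hypothetical, and the lock is assumed to last until the counting window expires.

```python
import time

# Defaults taken from the settings documented above.
RATE_LIMIT_MINUTES = 1
RATE_LIMIT_KEY_FIELD = "username"
RATE_LIMIT_MAX_REQUESTS = 20
RATE_LIMIT_CACHE_PREFIX = "rl-"


class TTLCache:
    """Constructed in-memory stand-in for memcache: entries expire after a TTL."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._data = {}  # key -> (value, expires_at)

    def get(self, key, default=None):
        value, expires_at = self._data.get(key, (default, None))
        if expires_at is not None and self._clock() >= expires_at:
            del self._data[key]  # expired: behave as if it was never set
            return default
        return value

    def add(self, key, value, ttl):
        """Store only if the key is absent (memcache 'add' semantics)."""
        if self.get(key) is not None:
            return False
        self._data[key] = (value, self._clock() + ttl)
        return True

    def incr(self, key):
        value, expires_at = self._data[key]
        self._data[key] = (value + 1, expires_at)  # expiry is not extended
        return value + 1


def rate_limit_key(post_data, remote_addr):
    """Track by the submitted key field if present, otherwise by IP address."""
    ident = post_data.get(RATE_LIMIT_KEY_FIELD) or remote_addr
    # Assumption: normalise case and whitespace so 'Alice' and 'alice' share a counter.
    return RATE_LIMIT_CACHE_PREFIX + ident.strip().lower()


def allow_login_attempt(cache, post_data, remote_addr):
    """Return True if the attempt may proceed, False if it is slapped away."""
    key = rate_limit_key(post_data, remote_addr)
    # 'add' opens a new window; 'incr' keeps its expiry, so the counter
    # resets RATE_LIMIT_MINUTES after the first attempt in the window.
    if cache.add(key, 1, RATE_LIMIT_MINUTES * 60):
        return True
    return cache.incr(key) <= RATE_LIMIT_MAX_REQUESTS
```

Because failed and successful attempts are counted alike and the key is the submitted username, anyone who knows a username can trigger the temporary lock for that account; the short default window limits the impact.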

Download files
--------------

Source Distribution: django-ssl-slapper-0.1.2a3.zip (10.1 kB)

Built Distribution: django-ssl-slapper-0.1.2a3.win32.exe (205.5 kB)
