Framework for views in big projects on Django.
Project description
DjBrut logo
</figcaption>
DjBrut – simple brutforce protection for Django project.
Default checkers:
Max requests for IP.
Max requests for user.
Max requests for one CSRF-token (stupid but effective).
Max requests frequency limitation.
DjBrut use Redis as storage for all counters.
Installation
pip install djbrut
Usage
from django.http import HttpResponse
from djbrut import Attempt
def some_view(request):
attempt = Attempt('some rule type name', request)
# check
if not attempt.check():
# error
return HttpResponse(attempt.error)
# success
...You can see example project for more details.
Configuring
Just set up rules:
BRUTEFORCE_LIMITS = {
'default': Rule(
user=100, # max requests for one user by BRUTEFORCE_TIMELIMIT
ip=300, # max requests for one IP by BRUTEFORCE_TIMELIMIT
csrf=50, # max requests with one CSRF token by BRUTEFORCE_TIMELIMIT
freq=0, # max request frequency for client [seconds]
),
'some rule type name': Rule(
user=100, # max requests for one user by BRUTEFORCE_TIMELIMIT
ip=300, # max requests for one IP by BRUTEFORCE_TIMELIMIT
csrf=50, # max requests with one CSRF token by BRUTEFORCE_TIMELIMIT
freq=0, # max request frequency for client [seconds]
),
}Attempt get rule type name as first arg. If rule type name not found in keys of BRUTEFORCE_LIMITS, ‘default’ will be used. If you don’t set default rule then passed rule type must be exists in BRUTEFORCE_LIMITS keys.
BRUTEFORCE_TIMELIMIT – time to live for all attempts counters.
You can see default settings for more params such as custom error message.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.