Framework for views in big projects on Django.
Project description
DjBrut – simple brute-force protection for Django projects.
Default checkers:
- Max requests for IP.
- Max requests for user.
- Max requests for one CSRF-token (stupid but effective).
- Max requests frequency limitation.
DjBrut uses Redis as storage for all counters.
Installation
pip install djbrut
Usage
from django.http import HttpResponse
from djbrut import Attempt

def some_view(request):
    attempt = Attempt('some rule type name', request)
    # check
    if not attempt.check():
        # error
        return HttpResponse(attempt.error)
    # success
    ...

See the example project for more details.
Configuring
Just set up rules:
BRUTEFORCE_LIMITS = {
    'default': Rule(
        user=100,  # max requests for one user by BRUTEFORCE_TIMELIMIT
        ip=300,    # max requests for one IP by BRUTEFORCE_TIMELIMIT
        csrf=50,   # max requests with one CSRF token by BRUTEFORCE_TIMELIMIT
        freq=0,    # max request frequency for client [seconds]
    ),
    'some rule type name': Rule(
        user=100,  # max requests for one user by BRUTEFORCE_TIMELIMIT
        ip=300,    # max requests for one IP by BRUTEFORCE_TIMELIMIT
        csrf=50,   # max requests with one CSRF token by BRUTEFORCE_TIMELIMIT
        freq=0,    # max request frequency for client [seconds]
    ),
}
Attempt takes the rule type name as its first argument. If the rule type name is not found in the keys of BRUTEFORCE_LIMITS, 'default' is used. If you don't set a default rule, the passed rule type must exist in the BRUTEFORCE_LIMITS keys.
BRUTEFORCE_TIMELIMIT – time to live for all attempt counters.
See the default settings for more parameters, such as a custom error message.
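The sketch below is an added illustration, not DjBrut's own code: it models the per-user, per-IP and per-CSRF-token counters with a shared time to live and the fallback to 'default', using a dict in place of Redis. The key layout, counting on every check, the `login` rule and all sample values are assumptions; `freq` is left out.

```python
# Added illustration: in-memory model of per-key counters with a TTL.
# Not DjBrut's code; a dict stands in for Redis, all names are hypothetical.
from collections import namedtuple

Rule = namedtuple("Rule", "user ip csrf")  # stand-in for the page's Rule
TIMELIMIT = 60  # stand-in for BRUTEFORCE_TIMELIMIT, in seconds
LIMITS = {
    "default": Rule(user=100, ip=300, csrf=50),
    "login": Rule(user=3, ip=5, csrf=4),  # constructed, deliberately small
}


class Counters:
    """Fixed-window counters: the first hit sets the expiry (INCR + EXPIRE)."""

    def __init__(self):
        self.store = {}  # key -> (count, expires_at)

    def incr(self, key, now):
        count, expires_at = self.store.get(key, (0, now + TIMELIMIT))
        if now >= expires_at:  # window elapsed: the counter starts over
            count, expires_at = 0, now + TIMELIMIT
        self.store[key] = (count + 1, expires_at)
        return count + 1


def check(counters, rule_type, now, *, user, ip, csrf):
    """Count the request against every checker; return the tripped ones."""
    rule = LIMITS.get(rule_type, LIMITS["default"])  # fall back to 'default'
    tripped = []
    for name, value in (("user", user), ("ip", ip), ("csrf", csrf)):
        hits = counters.incr(f"{rule_type}:{name}:{value}", now)
        if hits > getattr(rule, name):
            tripped.append(name)
    return tripped


def simulate():
    """Constructed traffic: one account, a different IP and token each time."""
    c = Counters()
    results = []
    for i in range(5):
        results.append(check(c, "login", now=i, user="alice",
                             ip=f"198.51.100.{i}", csrf=f"tok{i}"))
    # Once the window has expired, the same user is allowed again.
    results.append(check(c, "login", now=TIMELIMIT + 10, user="alice",
                         ip="198.51.100.9", csrf="tok9"))
    return results
```

In the simulated run the per-IP and per-token counters never trip, so only the per-user limit stops the fourth and fifth requests.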