
Flask-Allow allows white/black listing of IP addresses/networks and provides an access log.

Project description

Flask-Allow

Flask-Allow is an extension for Flask that adds support for white and/or black listing IP addresses and/or IP networks and provides an access log for your application.

Why this extension

Whenever the web application runs behind a reverse proxy that is located on a different system in the network, you want to grant access to the proxy but exclude all other hosts in the network.

ALLOW:  proxy-host.your.domain.tld
ALLOW:  localhost
DENY:   0.0.0.0/0

These rules allow the host proxy-host.your.domain.tld and localhost to pass in to the web application. localhost is there to give administrators access to the web application when running on the same machine. The 0.0.0.0/0 blocks all other addresses.

Note: the order in which you configure the rules is important. For example, swapping localhost and 0.0.0.0/0 excludes localhost.
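The ordering effect described above, as an added example that is not Flask-Allow's own code: a small first-match model built on the standard `ipaddress` module, plus a check that flags rules an earlier rule already covers. The `(action, target)` tuples, the function names and the proxy address `192.0.2.10` are assumptions made for illustration, and hostnames are left out so the example runs offline.

```python
import ipaddress

def first_match(rules, client_ip):
    """Return (action, network) of the first rule containing client_ip, else None."""
    addr = ipaddress.ip_address(client_ip)
    for action, target in rules:
        net = ipaddress.ip_network(target, strict=False)  # a bare host becomes a /32
        if addr in net:
            return action, str(net)
    return None  # no rule matched; this model leaves the default to the caller

def shadowed_rules(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    nets = [ipaddress.ip_network(target, strict=False) for _, target in rules]
    return [
        i for i, net in enumerate(nets)
        if any(net.version == earlier.version and net.subnet_of(earlier)
               for earlier in nets[:i])
    ]

PROXY = "192.0.2.10"  # constructed stand-in for proxy-host.your.domain.tld

# The rule order from the text above.
RULES = [("ALLOW", PROXY), ("ALLOW", "127.0.0.1"), ("DENY", "0.0.0.0/0")]
# localhost and 0.0.0.0/0 swapped: the catch-all now precedes the localhost rule.
SWAPPED = [("ALLOW", PROXY), ("DENY", "0.0.0.0/0"), ("ALLOW", "127.0.0.1")]

if __name__ == "__main__":
    for name, rules in (("original", RULES), ("swapped", SWAPPED)):
        print(name, first_match(rules, "127.0.0.1"), "shadowed:", shadowed_rules(rules))
```

Running `shadowed_rules` over a rule list before deploying it catches an ALLOW that sits behind a broader DENY, or the reverse.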

To learn why you should use a reverse proxy, read all about it in the Link.

Version

Currently this supports and is tested with Flask 2.x.x, therefore the version of this package is 2.0.x. Tested with Python versions 3.8, 3.9, 3.10 and 3.11.

Licence

Flask-Allow is licenced under GPL-2.0-only, see the LICENCE.md for more information.

Installing

Install and update using pip.

    $ pip install -U Flask-Allow

Configuration

This extension has two configuration items:

  • ADDRESS_RESTRICTION
  • ACCESS_LOG

The attribute ADDRESS_RESTRICTION is a list of dictionaries with one or two items:

  • ALLOW; the IP address or network address to be granted access.
  • DENY; the IP address or network address to be denied access.

For IP network addresses it must be coded as /, for example:

172.16.0.0/16

To allow or deny a single host you may also write the FQDN of the host:

DENY: test.example.com
ALLOW: prod.example.com

The attribute ACCESS_LOG may be a filename or a dictionary; it uses a rotating file logger. When using a dictionary the following items may be provided:

  • filename; sets the filename for the access log.
  • maxBytes; sets the maximum size of the log file, default is 5242880.
  • backupCount; sets the maximum historical log files kept, default is 7.
  • formatter; Sets the log file formatter, default is "%(asctime)s - %(levelname)7s - %(message)s"

The logger created is called flask.allow. When configured, the log level is set to INFO.

Simple example

The following example sets up a web server on host address 0.0.0.0 (all networks) with port 5000. An access log is created and only the localhost address is allowed to enter the application; all other addresses receive an HTTP 403 error.

import flask
from flask_allow import FlaskAllow

app = flask.Flask( __name__ )
app.config[ 'ACCESS_LOG' ]  = "access.log"
app.config[ 'ADDRESS_RESTRICTION' ] = [
    {
        "ALLOW":    "127.0.0.1",             # Allow localhost
        "DENY":     "0.0.0.0/0"              # Deny the rest
    }
]
FlaskAllow( app )

@app.route('/')
def index():
    return "Hello world", 200

app.run( '0.0.0.0', 5000 )
    

NOTE: The class FlaskAllow should be initialized before any @before_request decorators are called, to ensure that Flask-Allow is the first to check an incoming request.

The following log output is from the test_flask_allow.py script.

2023-12-03 07:34:27,883 -    INFO - Access log started
2023-12-03 07:34:28,886 -    INFO - 127.0.0.1 allowed by rule 127.0.0.1/32 http://localhost:5000/ 
2023-12-03 07:34:28,893 -    INFO - 127.0.0.1 allowed by rule 127.0.0.1/32 http://localhost:5000/ python-requests/2.31.0
2023-12-03 07:34:28,903 -   ERROR - 192.168.110.2 denied by rule 0.0.0.0/0 http://matrix:5000/ python-requests/2.31.0
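For monitoring, the access log format shown above can be parsed to count denied requests per client. This is an added example, not part of Flask-Allow; the regular expression, the function names and the threshold are assumptions, and the last two sample lines are constructed (the first four are the page's own log output).

```python
import re
from collections import Counter

# Matches "<asctime> - <levelname> - <ip> allowed|denied by rule <net> <url> [agent]"
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - \s*(?P<level>\w+) - "
    r"(?P<ip>\S+) (?P<verdict>allowed|denied) by rule (?P<rule>\S+) "
    r"(?P<url>\S+) ?(?P<agent>.*)$"
)

SAMPLE = """\
2023-12-03 07:34:27,883 -    INFO - Access log started
2023-12-03 07:34:28,886 -    INFO - 127.0.0.1 allowed by rule 127.0.0.1/32 http://localhost:5000/ 
2023-12-03 07:34:28,893 -    INFO - 127.0.0.1 allowed by rule 127.0.0.1/32 http://localhost:5000/ python-requests/2.31.0
2023-12-03 07:34:28,903 -   ERROR - 192.168.110.2 denied by rule 0.0.0.0/0 http://matrix:5000/ python-requests/2.31.0
2023-12-03 07:35:01,120 -   ERROR - 203.0.113.7 denied by rule 0.0.0.0/0 http://matrix:5000/admin curl/8.4.0
2023-12-03 07:35:01,480 -   ERROR - 203.0.113.7 denied by rule 0.0.0.0/0 http://matrix:5000/login curl/8.4.0
"""

def parse(lines):
    """Return one dict per allow/deny line; other lines (e.g. startup) are skipped."""
    events = []
    for line in lines:
        m = LINE.match(line.rstrip("\n"))
        if m:
            events.append(m.groupdict())  # 'agent' is client-supplied: treat as untrusted
    return events

def denied_by_client(events):
    """Count denied requests per client address."""
    return Counter(e["ip"] for e in events if e["verdict"] == "denied")

def clients_over(events, threshold):
    """Client addresses with at least `threshold` denied requests, sorted."""
    return sorted(ip for ip, n in denied_by_client(events).items() if n >= threshold)

if __name__ == "__main__":
    evts = parse(SAMPLE.splitlines())
    print(denied_by_client(evts), clients_over(evts, 2))
```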

Contributing

For guidance on setting up a development environment and how to make a contribution to flask-access, see the contributing guidelines.

Donate

The Pallets organization develops and supports Flask and other popular packages. In order to grow the community of contributors and users, and allow the maintainers to devote more time to the projects, please donate today

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Flask-Allow-2.0.1.tar.gz (7.4 kB view details)

Uploaded Source

Built Distribution

Flask_Allow-2.0.1-py3-none-any.whl (7.9 kB view details)

Uploaded Python 3

File details

Details for the file Flask-Allow-2.0.1.tar.gz.

File metadata

  • Download URL: Flask-Allow-2.0.1.tar.gz
  • Upload date:
  • Size: 7.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.8.18

File hashes

Hashes for Flask-Allow-2.0.1.tar.gz
Algorithm Hash digest
SHA256 51babeea8190503be27b12cd613db7709a2f9ff2ccfe6bbff28cc392098689ad
MD5 d6adab62a02037f758f05dc55a15def9
BLAKE2b-256 6a066f60aa70f2a87a05745c41b05df4938334d422cdf48d00f1765bb4a05b8e

See more details on using hashes here.

File details

Details for the file Flask_Allow-2.0.1-py3-none-any.whl.

File metadata

  • Download URL: Flask_Allow-2.0.1-py3-none-any.whl
  • Upload date:
  • Size: 7.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.8.18

File hashes

Hashes for Flask_Allow-2.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 4da1c3a7c0682bb840c2d0515b53a9942b28df75c4cbdb3b9319abc7636f7789
MD5 4118882a5e999e4f4b1111b30bfe7791
BLAKE2b-256 6be2df29dc048fcacb3f9392b1362a7d914fac3dd61efba9870066013d93a52c

See more details on using hashes here.
