Django security app - IP/email/country blocking, rate limiting, login tracking, auto-blocking
Project description
NAI Security
Django security package for IP blocking, country blocking, email blocking, rate limiting, and login tracking.
Features
- IP Blocking - Block specific IPs manually or automatically
- Country Blocking - Block/allow countries using GeoIP
- Email Blocking - Block disposable emails and specific addresses
- Domain Blocking - Block email domains (disposable, spam, etc.)
- User Agent Blocking - Block bots, scrapers, attack tools
- Rate Limiting - Custom rate limit rules per endpoint
- Login History - Track user logins with anomaly detection
- Auto-Blocking - Automatically block IPs/countries based on attack patterns
- Security Logs - Comprehensive logging of all security events
- ✅ Dynamic Login Attempt Limits - Configurable max login attempts via admin panel (integrates with django-axes)
Installation
pip install nai-security
Or install from GitHub:
pip install git+https://github.com/nematiai/nai-security.git
Or add to requirements.txt:
nai-security==1.5.1
Or from GitHub in requirements.txt:
git+https://github.com/nematiai/nai-security.git@main#egg=nai-security
Quick Start
1. Add to INSTALLED_APPS
INSTALLED_APPS = [
...
"nai_security",
]
2. Add Middleware
MIDDLEWARE = [
"django.middleware.security.SecurityMiddleware",
...
"nai_security.middleware.SecurityMiddleware", # After SecurityMiddleware
...
"nai_security.middleware.RateLimitLoggingMiddleware", # Near the end
]
### 3. Configure Settings
```python
# GeoIP database path
GEOIP_PATH = "/path/to/GeoLite2-Country.mmdb"
# Optional: Enable/disable middleware
SECURITY_MIDDLEWARE_ENABLED = True
RATELIMIT_MIDDLEWARE_ENABLED = True
4. Run Migrations
python manage.py makemigrations nai_security
python manage.py migrate
5. Download GeoIP Database
python manage.py download_geoip
Dependencies
Required:
- Django >= 4.2
- geoip2 >= 4.0
- redis >= 4.0
Optional:
- django-axes >= 6.0 (login attempt tracking)
- django-ratelimit >= 4.0 (rate limiting)
- django-import-export >= 3.0 (admin import/export)
- django-unfold >= 0.10 (admin theme)
Install all optional dependencies:
pip install nai-security[all]
Environment Variables
| Variable | Default | Description |
|---|---|---|
GEOIP_PATH |
./geoip/GeoLite2-Country.mmdb |
Path to GeoIP database |
SECURITY_MIDDLEWARE_ENABLED |
True |
Enable security middleware |
RATELIMIT_MIDDLEWARE_ENABLED |
True |
Enable rate limit logging |
Management Commands
# Download GeoIP database
python manage.py download_geoip
# Sync disposable email domains and bad bot lists
python manage.py sync_security_lists
python manage.py sync_security_lists --domains-only
python manage.py sync_security_lists --bots-only
Celery Tasks
Add to your Celery beat schedule:
CELERY_BEAT_SCHEDULE = {
'security-auto-blocks': {
'task': 'security.process_auto_blocks',
'schedule': crontab(minute='*/5'), # Every 5 minutes
},
'security-cleanup-expired': {
'task': 'security.cleanup_expired_blocks',
'schedule': crontab(minute=0, hour='*'), # Every hour
},
'security-sync-lists': {
'task': 'security.sync_security_lists',
'schedule': crontab(minute=0, hour=0, day_of_week=0), # Weekly
},
'security-daily-report': {
'task': 'security.generate_security_report',
'schedule': crontab(minute=0, hour=6), # Daily at 6 AM
},
}
Models
| Model | Description |
|---|---|
BlockedIP |
Blocked IP addresses |
BlockedCountry |
Blocked countries |
AllowedCountry |
Allowed countries (whitelist mode) |
BlockedEmail |
Blocked email addresses |
BlockedDomain |
Blocked email domains |
BlockedUserAgent |
Blocked user agents |
WhitelistedIP |
IPs that bypass all checks |
RateLimitRule |
Custom rate limit rules |
LoginHistory |
User login tracking |
SecurityLog |
Security event logs |
SecuritySettings |
Global settings (singleton) |
Axes Integration
To enable dynamic login attempt control:
# settings.py
AXES_HANDLER = 'nai_security.handlers.DynamicAxesHandler'
Now admins can change the lockout threshold in real-time via the Security Settings admin panel.
License
MIT License
Author
Ali Nemati - NEMATI AI
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
nai_security-1.6.0.tar.gz
(28.0 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file nai_security-1.6.0.tar.gz.
File metadata
- Download URL: nai_security-1.6.0.tar.gz
- Upload date:
- Size: 28.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c30acad48a27f6418db0d858033481d63f1cbd2d8fa5e5b52c83523088d52675
|
|
| MD5 |
062d74d924f5870555fad8344d70b198
|
|
| BLAKE2b-256 |
42ba7c54dabd05c60f0de383b5b8360f90faa7bd6fb6e4f789635d26b2f9b13e
|
File details
Details for the file nai_security-1.6.0-py3-none-any.whl.
File metadata
- Download URL: nai_security-1.6.0-py3-none-any.whl
- Upload date:
- Size: 38.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bd0c79f04d27d77fc1f1d58db37a78f5dafdf541fed179ac61284f909419e493
|
|
| MD5 |
d84e7242433eb65bef8b75f083b9d0f8
|
|
| BLAKE2b-256 |
fdeb55d462ec3a8f8aa7b3fd2a724c7dfba5eb3f6345ee523090a1ef8d8ecf3e
|
