Django security app - IP/email/country blocking, rate limiting, login tracking, auto-blocking
Project description
NAI Security
Django security package for IP blocking, country blocking, email blocking, rate limiting, and login tracking.
Features
- IP Blocking - Block specific IPs manually or automatically
- Country Blocking - Block/allow countries using GeoIP
- Email Blocking - Block disposable emails and specific addresses
- Domain Blocking - Block email domains (disposable, spam, etc.)
- User Agent Blocking - Block bots, scrapers, attack tools
- Rate Limiting - Custom rate limit rules per endpoint
- Login History - Track user logins with anomaly detection
- Auto-Blocking - Automatically block IPs/countries based on attack patterns
- Security Logs - Comprehensive logging of all security events
- Axes Integration - Dynamic login attempt limits, cooloff time, and per-attempt expiry via admin panel (requires django-axes >= 8.3)
- Whitelisted Users - Exempt specific users from security checks
Installation
pip install nai-security
With all optional dependencies:
pip install nai-security[all]
Or install from GitHub:
pip install git+https://github.com/nematiai/nai-security.git
Quick Start
1. Add to INSTALLED_APPS
INSTALLED_APPS = [
...
"nai_security",
]
2. Add Middleware
MIDDLEWARE = [
"django.middleware.security.SecurityMiddleware",
...
"nai_security.middleware.SecurityMiddleware",
...
"nai_security.middleware.RateLimitLoggingMiddleware",
]
3. Configure Settings
GEOIP_PATH = "/path/to/GeoLite2-Country.mmdb"
4. Run Migrations
python manage.py migrate
5. Download GeoIP Database
python manage.py download_geoip
Dependencies
Required:
- Django >= 4.2
- geoip2 >= 4.0
- redis >= 4.0
Optional:
- django-axes >= 8.3 (login attempt tracking and lockout)
- django-ratelimit >= 4.0 (rate limiting)
- django-import-export >= 3.0 (admin import/export)
- django-unfold >= 0.10 (admin theme)
Axes Integration
Enable brute-force protection with dynamic settings controlled from the admin panel:
# settings.py
INSTALLED_APPS = [
...
"axes",
"nai_security",
]
AXES_HANDLER = 'nai_security.handlers.axes_integration.DynamicAxesHandler'
AUTHENTICATION_BACKENDS = [
'axes.backends.AxesStandaloneBackend',
'django.contrib.auth.backends.ModelBackend',
]
This gives you admin-configurable control over:
| Setting | Description |
|---|---|
| Max login attempts | Failed attempts before lockout (default: 5) |
| Cooloff time | Minutes before locked accounts auto-unlock (0 = permanent) |
| Attempt expiry | Each failed attempt expires independently |
All changes take effect immediately — no server restart required.
Management Commands
# Download GeoIP database
python manage.py download_geoip
# Sync disposable email domains and bad bot lists
python manage.py sync_security_lists
python manage.py sync_security_lists --domains-only
python manage.py sync_security_lists --bots-only
Celery Tasks
from celery.schedules import crontab
CELERY_BEAT_SCHEDULE = {
'security-auto-blocks': {
'task': 'security.process_auto_blocks',
'schedule': crontab(minute='*/5'),
},
'security-cleanup-expired': {
'task': 'security.cleanup_expired_blocks',
'schedule': crontab(minute=0, hour='*'),
},
'security-sync-lists': {
'task': 'security.sync_security_lists',
'schedule': crontab(minute=0, hour=0, day_of_week=0),
},
'security-daily-report': {
'task': 'security.generate_security_report',
'schedule': crontab(minute=0, hour=6),
},
}
Models
| Model | Description |
|---|---|
BlockedIP |
Blocked IP addresses |
BlockedCountry |
Blocked countries |
AllowedCountry |
Allowed countries (whitelist mode) |
BlockedEmail |
Blocked email addresses |
BlockedDomain |
Blocked email domains |
BlockedUserAgent |
Blocked user agents |
WhitelistedIP |
IPs that bypass all checks |
WhitelistedUser |
Users exempted from security checks |
RateLimitRule |
Custom rate limit rules |
LoginHistory |
User login tracking |
SecurityLog |
Security event logs |
SecuritySettings |
Global settings (singleton) |
Testing
DJANGO_SETTINGS_MODULE=tests.settings python -m pytest tests/ -v
License
MIT License
Author
Ali Nemati - NEMATI AI
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
nai_security-1.7.0.tar.gz
(33.9 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file nai_security-1.7.0.tar.gz.
File metadata
- Download URL: nai_security-1.7.0.tar.gz
- Upload date:
- Size: 33.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
99c29651acb83976f960750b334097748ec5290e5040b402663955dbbb2d3c97
|
|
| MD5 |
e8f451c5a5d56c8c02aea3691b1cfb2c
|
|
| BLAKE2b-256 |
969c6444e00252ca4b6965aac5826c2ede2d099510174c577df19df54142d94d
|
File details
Details for the file nai_security-1.7.0-py3-none-any.whl.
File metadata
- Download URL: nai_security-1.7.0-py3-none-any.whl
- Upload date:
- Size: 41.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
384f2ca0f1cb7241f0442430d894813d6fc1d9fe4869aa468a811d8b9da67171
|
|
| MD5 |
7b10365af568f0287cef67c7a0356329
|
|
| BLAKE2b-256 |
c9c8dfd1bb4edf9ac5f0d92b264f1c1b02db049884915da51adb24b500fd5704
|
