Django security app - IP/email/country blocking, rate limiting, login tracking, auto-blocking
NAI Security
Django security package for IP blocking, country blocking, email blocking, rate limiting, and login tracking.
Features
- IP Blocking - Block specific IPs manually or automatically
- Country Blocking - Block/allow countries using GeoIP
- Email Blocking - Block disposable emails and specific addresses
- Domain Blocking - Block email domains (disposable, spam, etc.)
- User Agent Blocking - Block bots, scrapers, attack tools
- Rate Limiting - Custom rate limit rules per endpoint
- Login History - Track user logins with anomaly detection
- Auto-Blocking - Automatically block IPs/countries based on attack patterns
- Security Logs - Comprehensive logging of all security events
- Axes Integration - Dynamic login attempt limits, cooloff time, and per-attempt expiry via admin panel (requires django-axes >= 8.3)
- Whitelisted Users - Exempt specific users from security checks
Installation
pip install nai-security
With all optional dependencies:
pip install nai-security[all]
Or install from GitHub:
pip install git+https://github.com/nematiai/nai-security.git
Quick Start
1. Add to INSTALLED_APPS
INSTALLED_APPS = [
    # ...
    "nai_security",
]
2. Add Middleware
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    # ...
    "nai_security.middleware.SecurityMiddleware",
    # ...
    "nai_security.middleware.RateLimitLoggingMiddleware",
]
3. Configure Settings
GEOIP_PATH = "/path/to/GeoLite2-Country.mmdb"
4. Run Migrations
python manage.py migrate
5. Download GeoIP Database
python manage.py download_geoip
Dependencies
Required:
- Django >= 4.2
- geoip2 >= 4.0
- redis >= 4.0
Optional:
- django-axes >= 8.3 — login attempt tracking and lockout; without it axes features are silently disabled
- django-ratelimit >= 4.0 — rate limiting per endpoint
- django-import-export >= 3.0 — admin import/export for blocked emails/domains; without it those buttons are hidden
- django-unfold >= 0.10 — admin UI theme; without it falls back to standard Django admin
- celery — background tasks (auto-block processing, sync, reports); without it tasks are no-ops
Axes Integration
Enable brute-force protection with dynamic settings controlled from the admin panel:
# settings.py
INSTALLED_APPS = [
    # ...
    "axes",
    "nai_security",
]
AXES_HANDLER = 'nai_security.handlers.axes_integration.DynamicAxesHandler'
AUTHENTICATION_BACKENDS = [
    'axes.backends.AxesStandaloneBackend',
    'django.contrib.auth.backends.ModelBackend',
]
This gives you admin-configurable control over:
| Setting | Description |
|---|---|
| Max login attempts | Failed attempts before lockout (default: 5) |
| Cooloff time | Minutes before locked accounts auto-unlock (0 = permanent) |
| Attempt expiry | Each failed attempt expires independently — requires cooloff > 0 |
All changes take effect immediately — no server restart required.
Validation: Enabling attempt expiry with cooloff set to 0 will raise a validation error in the admin panel.
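The interaction between the three settings in the table above, as an added example that is not code from nai-security or django-axes. It is a simplified in-memory model: `LockoutPolicy`, `FailureTracker` and `replay` are hypothetical names, times are minutes, and without attempt expiry all failures are assumed to age out together once a full cooloff has passed since the most recent one.

```python
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    """Simplified model of the three admin settings (hypothetical names)."""
    max_attempts: int = 5         # failed attempts before lockout (page default)
    cooloff_minutes: int = 0      # 0 = permanent lockout
    attempt_expiry: bool = False  # each failure expires independently

    def __post_init__(self):
        # Mirrors the validation rule stated on the page.
        if self.attempt_expiry and self.cooloff_minutes == 0:
            raise ValueError("attempt expiry requires cooloff > 0")


@dataclass
class FailureTracker:
    policy: LockoutPolicy
    failures: list = field(default_factory=list)  # failure timestamps, minutes

    def record_failure(self, now):
        self.failures.append(now)

    def live_failures(self, now):
        window = self.policy.cooloff_minutes
        if not self.failures or window == 0:
            return len(self.failures)  # cooloff 0: nothing ever ages out
        if self.policy.attempt_expiry:
            # Each failure ages out on its own clock.
            return sum(1 for t in self.failures if now - t < window)
        # Assumed default mode: failures age out together after a quiet cooloff.
        newest_age = now - self.failures[-1]
        return len(self.failures) if newest_age < window else 0

    def is_locked(self, now):
        return self.live_failures(now) >= self.policy.max_attempts


def replay(policy, failure_times, check_at):
    """Feed failure timestamps (minutes) and return the lock state at check_at."""
    tracker = FailureTracker(policy)
    for t in failure_times:
        tracker.record_failure(t)
    return tracker.is_locked(check_at)


# Constructed sample: five failed logins spread over 40 minutes.
SLOW_FAILURES = [0, 10, 20, 30, 40]
```

With a 30-minute cooloff, the constructed failures lock the account in the default mode but leave only three live failures when attempt expiry is on, which is the trade-off to weigh when enabling it.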
Management Commands
# Download GeoIP database
python manage.py download_geoip
# Sync disposable email domains and bad bot lists
python manage.py sync_security_lists
python manage.py sync_security_lists --domains-only
python manage.py sync_security_lists --bots-only
Celery Tasks
from celery.schedules import crontab

CELERY_BEAT_SCHEDULE = {
    'security-auto-blocks': {
        'task': 'security.process_auto_blocks',
        'schedule': crontab(minute='*/5'),
    },
    'security-cleanup-expired': {
        'task': 'security.cleanup_expired_blocks',
        'schedule': crontab(minute=0, hour='*'),
    },
    'security-sync-lists': {
        'task': 'security.sync_security_lists',
        'schedule': crontab(minute=0, hour=0, day_of_week=0),
    },
    'security-daily-report': {
        'task': 'security.generate_security_report',
        'schedule': crontab(minute=0, hour=6),
    },
}
Models
| Model | Description |
|---|---|
| BlockedIP | Blocked IP addresses |
| BlockedCountry | Blocked countries |
| AllowedCountry | Allowed countries (whitelist mode) |
| BlockedEmail | Blocked email addresses |
| BlockedDomain | Blocked email domains |
| BlockedUserAgent | Blocked user agents |
| WhitelistedIP | IPs that bypass all checks |
| WhitelistedUser | Users exempted from security checks |
| RateLimitRule | Custom rate limit rules |
| LoginHistory | User login tracking |
| SecurityLog | Security event logs |
| SecuritySettings | Global settings (singleton) |
Testing
python -m pytest
License
MIT License
Author
Ali Nemati - NEMATI AI
File details
Details for the file nai_security-1.9.0.tar.gz.
File metadata
- Download URL: nai_security-1.9.0.tar.gz
- Upload date:
- Size: 41.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | f267cf792368d8767e2ee792ee2d0a196e82426611d70fb9ec3c8dd07079a163 |
| MD5 | e47829dbb092445092f9790e359d2d12 |
| BLAKE2b-256 | d7077f9d9dacc8a0c50266c2c82a1a1ae1e054ac6ae395cfd4c942d26c4ff0e9 |
File details
Details for the file nai_security-1.9.0-py3-none-any.whl.
File metadata
- Download URL: nai_security-1.9.0-py3-none-any.whl
- Upload date:
- Size: 44.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | a33bc8b8d7618bf58a271dc117c6d7cb603d7d3a443ac74457844fc6bec53483 |
| MD5 | 6f6f03c43dd3a371ef57f83f5174a7ef |
| BLAKE2b-256 | b3c832418beb685b1c5aed360bfdd99dd5395f905155552da54cbaad908ac008 |