Skip to main content

Python connector for the Shadow Daemon web application firewall

Project description

http://shadowd.zecure.org/img/logo_small.png

Shadow Daemon is a collection of tools to detect, record and prevent attacks on web applications. Technically speaking, Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability.

This component can be used to connect Python applications with the background server.

Documentation

For the full documentation please refer to shadowd.zecure.org.

Installation

You can install the package with easy_install or pip:

easy_install shadowd
pip install shadowd

It is also possible to clone this repository and install the package manually:

python setup.py install

You also have to create a configuration file. You can copy misc/examples/connectors.ini to /etc/shadowd/connectors.ini. The example configuration is annotated and should be self-explanatory.

CGI

To protect CGI applications you simply have to load the module:

import shadowd.cgi_connector

Django

Django applications require a small modification. It is necessary to create a hook to intercept requests. To do this create the file middleware/shadowdconnector.py in the application directory:

from shadowd.django_connector import InputDjango, OutputDjango, Connector

class ShadowdConnectorMiddleware(object):
    def process_request(self, request):
        input = InputDjango(request)
        output = OutputDjango()

        status = Connector().start(input, output)
        if not status == True:
            return status

There also has to be an empty __init__.py file in the middleware directory. Next you have to register the middleware in the settings.py file of your application:

MIDDLEWARE_CLASSES = (
    'middleware.shadowdconnector.ShadowdConnectorMiddleware',
    # ...
)

The connector should be at the beginning of the MIDDLEWARE_CLASSES list.

Flask

Flask applications require a small modification as well. It is necessary to create a hook to intercept requests:

from shadowd.flask_connector import InputFlask, OutputFlask, Connector

@app.before_request
def before_req():
    input = InputFlask(request)
    output = OutputFlask()

    Connector().start(input, output)

Project details


Release history Release notifications

This version
History Node

2.0.0

History Node

1.2.0

History Node

1.1.1

History Node

1.1.0

History Node

1.0.1

History Node

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
shadowd-2.0.0-py2-none-any.whl (13.0 kB) Copy SHA256 hash SHA256 Wheel py2 Jan 12, 2016

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page