Skip to main content

Django middleware for blocking IPs listed in

Project description

Tired of comment spam, form spam and dumb crawlers? A django application that provides middleware for blocking IPs listed in’s database. It only reacts on POST requests, so don’t worry about a huge table of rules having to be passed at every request. It’s quite painless.

A simple management command is provided for updating the database from sfsupdate [--force]

Using this command, all IPs are stored in Django models, and using django-admin, it’s possible to add your own extra IP addresses on a permanent database.


  • Django 1.7+
  • Python 2.7 and 3+


  1. Install the latest release from pypi:

    sudo pip install stopforumspam
  2. Add this to settings.MIDDLEWARE_CLASSES:

  3. Then add this to INSTALLED_APPS:

  4. And run:

    python syncdb
  5. To insert all the IPs run this command, which you should make a cronjob (run it every 24h):

    python sfsupdate


The following options exist for your project’s file:

To check ALL POST requests:


To ignore some URLS:

SFS_URLS_IGNORE = ["url_name", "/url/path"]

To only include some URLS (only works if SFS_ALL_POST_REQUEST=False):

SFS_URLS_INCLUDE = ["url_name", "/url/path"]

If your application is behind a set of proxy, you can use a specific HTTP Header as a source of the client IP:

SFS_HTTP_HEADER = "X-Forwarded-For"

Synching with

Be nice to their servers and remember that they have strict enforcements on the files that they offer. So before you start testing, you could consider using a local file as a test.

To configure where to download the file from (you can MAX download 2 times a day) - see for more resources:


But you should really use a local file if you have more than 1 Django project with stopforumspam running from the same IP address. To do this, use a local protocol:

SFS_SOURCE_ZIP = "file:///path/to/"

You can control how often at most the update should be performed:


…and how long back the log should remember the rejection of POSTS and IPs:

SFS_LOG_EXPIRE = 1 #days

Remember to configure this as well – it’s the name of the file inside the .zip file:

SFS_ZIP_FILENAME = "listed_ip_7.txt"

For testing you can force all requests to be checked:


Cron Jobs

You probably want to automatically update the list of blocked IP addresses every 24 hours or 48 hours. To do that, you can insert a line in crontab:

0 2 * * * python /your/project/path/ sfsupdate -q

The above would update at 2 AM every night. If you have several projects and sync them with a local file, you can add:

0 2 * * * wget -O /tmp/ ; python /your/project/path/ sfsupdate -q

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
stopforumspam-1.8-py2.py3-none-any.whl (9.6 kB) Copy SHA256 hash SHA256 Wheel py2.py3 May 9, 2017
stopforumspam-1.8.tar.gz (6.9 kB) Copy SHA256 hash SHA256 Source None May 9, 2017

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page