Django Banish Plus is a Django middleware app to banish user agents by IP address or User Agent Header. It also supports basic abuse prevention by automatically banning users if they exceed a certain number of requests per minute, which is likely some form of attack or attempted denial of service.
Django Banish Plus stores all banishments in memory to avoid database lookups on every request. It requires memcached, especially for the IP abuse monitoring feature.
Django Banish Plus is based on Django Banish package by Yousef Ourabi.
- Banish requests, by IP or user agent header included blacklist.
- Avoid banish request by whitelist.
- Banish request from TOR network, using TOR IPS database.
- The banish action is configurable, (403 response, redirect or custom template).
- Python 2.7
- Django 1.11
- Memcache or Redis cache system.
- Celery
- celery: 4.1.0
- redis: 2.10.6
- django-redis-cache: 1.7.1
$ git clone https://github.com/intelligenia/django-banish-plus
pip install -e git://github.com/intelligenia/django-banish-plus.git#egg=django-banish-plus
- Link to config mencached cache system in Django enviroment
- Link to config redis cache system in Django enviroment
Install django-banish. Make sure it is on your PYTHONPATH or in your django project directory.
In your django project settings.py you must set the following options:
-
Add
'banish.middleware.BanishMiddleware'toMIDDLEWARE_CLASSES -
Add
'banish'toINSTALLED_APPS -
Run
manage.py migrateto apply database changes and create new tables. -
Add
BANISH_ENABLED = Trueto enable Django-Banish (handy if you lock yourself out, you can just set this to False) -
ADD BANISH_EMPTY_UA = True|Falseto specify wether requests without a USER_AGENT header will be banned. -
Optionally set
DEFAULT_BANISH_ABUSE_THRESHOLD(default is 100000) to the threshold of requests per minute -
Optionally set
BANISH_MESSAGE(default is "You are banned.") to change default message for banned user. -
Optionally set
BANISH_URL_REDIRECTto set url to redirect if request is banish. -
Optionally set
BANISH_TEMPLATREto render a custom template if request is banish. -
Optionally set
BANISH_RESTRICT_FILTER= True|False (default False), to specific url patch where banish is applied. -
BANISH_ABUSE_THRESHOLD_TO_URLarray whit dict "url path" and "threshold" -
Set
BANISH_ONLY_WHITELIST = True|Falseto allow only request from whitelist. -
Set
BANISH_TOR_IPS = True|Falseto banish TOR request. -
Set
TOR_IPS_DATABASEwith tor ips database, (example,TOR_IPS_DATABASE = "http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv") -
Set
TOR_CACHE_KEYwith cache key. (exampleTOR_CACHE_KEY = "tor-ip-exit-list")
BANISH_ENABLED = False
BANISH_EMPTY_UA = True
BANISH_RESTRICT_FILTER = True
DEFAULT_BANISH_ABUSE_THRESHOLD = 10000
BANISH_ABUSE_THRESHOLD_TO_URL = [
{u'url': u'/api/v1/', u'name':'v1', u'threshold': 100},
{u'url': u'/api/v2/', u'name':'v2', u'threshold': 100},
{u'url': u'/api/v3/', u'name':'v3', u'threshold': 10},
{u'url': u'/api/v4/', u'name':'v4', u'threshold': 5}
]
BANISH_TOR_IPS = True
BANISH_ONLY_WHITELIST = False
TOR_IPS_DATABASE = u"http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv"
TOR_CACHE_KEY = u"tor-ip-exit-list"
BANISH_MESSAGE = u"{'msg': 'Banish Access'}"
Django Banish Plus is released under the Apache Software License, Version 2.0
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under the License.