# Flask-Allow
Flask-Allow is an extension for Flask that adds support for white and/or black listing
IP addresses and/or IP networks and provide an access log to your application.
# Why this extension
Whenever the web application runs behind a reverse proxy that is located on a different system
in the network, you want to grant access to the proxy but exclude all other hosts in the network.
ALLOW: proxy-host.your.domain.tld
ALLOW: localhost
DENY: 0.0.0.0/0
These rules allow the host **proxy-host.your.domain.tld** and **localhost** to pass in to the web
application. **localhost** is there to give administrators access to the web application when
running on the same machine. The **0.0.0.0/0** blocks all other addresses.
Not the order in which you configure the rules is important. for example swaping **localhost** and
**0.0.0.0/0** shall exclude the **localhost**.
Why should you use a reverse proxy, read all about it in the
[Link](https://flask.palletsprojects.com/en/2.3.x/deploying/nginx/)
# Version
Currently this supports and is tested with Flask 2.x.x. therefore the version of this package
is version 2.0.x. Tested with Python version 3.8, 3.9, 3.10 and 3.11.
# Licence
Flask-Allow is licenced under GPL-2.0-only, see the LICENCE.md for more information.
# Installing
Install and update using pip.
```bash
$ pip install -U Flask-Allow
```
# Configuration
This extension has two configuration items:
* **ADDRESS_RESTRICTION**
* **ACCESS_LOG**
The attribute **ADDRESS_RESTRICTION** is a list of dictionaries with one or two items
* **ALLOW**; the IP address or network address to be granted access.
* **DENY**; the IP address or network address to be denied access.
For IP network addresses it must be coded as <IP-address>/<no-bits>, for example:
172.16.0.0/16
For allowing or denying single hosts you may even write the fqdn of the host you want to exclude;
DENY: test.example.com
ALLOW: prod.example.com
The attribute **ACCESS_LOG** may be a filename or a dictionary, it uses rotating file logger.
When using a dictionary the following items may be provided;
* **filename**; sets the filename for the access log.
* **maxBytes**; sets the maximum size of the log file, default is 5242880.
* **backupCount**; sets the maximum historical log files kept, default is 7.
* **formatter**; Sets the log file formatter, default is "%(asctime)s - %(levelname)7s - %(message)s"
The logger created is called **flask.allow**, when configured the log level is set the INFO.
# Simple example
The following example sets up a web server on host address 0.0.0.0 (all networks) with port 5000.
An access log is created and only the localhost address is allowed to enter the application, all
other addresses receive a HTTP 403 error.
```python
import flask
from flask_allow import FlaskAllow
app = flask.Flask( __name__ )
app.config[ 'ACCESS_LOG' ] = "access.log"
app.config[ 'ADDRESS_RESTRICTION' ] = [
{
"ALLOW": "127.0.0.1", # Allow localhost
"DENY": "0.0.0.0/0" # Deny the rest
}
]
FlaskAllow( app )
@app.route('/')
def index():
return "Hello world", 200
app.run( '0.0.0.0', 5000 )
```
**NOTE:** The class FlaskAllow should be initialized before any @before_request decorators
are being called, this to ensure that Flask-Allow is the first to check in incomming request.
The following log output is from the test_flask_allow.py script.
```log
2023-12-03 07:34:27,883 - INFO - Access log started
2023-12-03 07:34:28,886 - INFO - 127.0.0.1 allowed by rule 127.0.0.1/32 http://localhost:5000/
2023-12-03 07:34:28,893 - INFO - 127.0.0.1 allowed by rule 127.0.0.1/32 http://localhost:5000/ python-requests/2.31.0
2023-12-03 07:34:28,903 - ERROR - 192.168.110.2 denied by rule 0.0.0.0/0 http://matrix:5000/ python-requests/2.31.0
```
# Contributing
For guidance on setting up a development environment and how to make a contribution to
flask-access, see the contributing guidelines.
# Donate
The Pallets organization develops and supports Flask and other popular packages.
In order to grow the community of contributors and users, and allow the maintainers to devote
more time to the projects, [please donate today](https://palletsprojects.com/donate)
# Links
* [Changes](https://github.com/pe2mbs/flask-allow/CHANGED.md)
* [PyPI Releases](https://pypi.org/project/flask_allow/)
* [Source Code](https://github.com/pe2mbs/Flask-Allow)
* [Issue Tracker](https://github.com/pe2mbs/Flask-Allow/issues)
* [Website](https://github.com/pe2mbs/Flask-Allow)
Raw data
{
"_id": null,
"home_page": "https://github.com/pe2mbs/flask-allow",
"name": "Flask-Allow",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "flask,white,black,list,access",
"author": "Marc Bertens-Nguyen",
"author_email": "m.bertens@pe2mbs.nl",
"download_url": "https://files.pythonhosted.org/packages/6a/06/6f60aa70f2a87a05745c41b05df4938334d422cdf48d00f1765bb4a05b8e/Flask-Allow-2.0.1.tar.gz",
"platform": null,
"description": "# Flask-Allow \nFlask-Allow is an extension for Flask that adds support for white and/or black listing \nIP addresses and/or IP networks and provide an access log to your application.\n\n# Why this extension\nWhenever the web application runs behind a reverse proxy that is located on a different system\nin the network, you want to grant access to the proxy but exclude all other hosts in the network.\n\n ALLOW: proxy-host.your.domain.tld\n ALLOW: localhost\n DENY: 0.0.0.0/0\n\nThese rules allow the host **proxy-host.your.domain.tld** and **localhost** to pass in to the web\napplication. **localhost** is there to give administrators access to the web application when \nrunning on the same machine. The **0.0.0.0/0** blocks all other addresses.\n\nNot the order in which you configure the rules is important. for example swaping **localhost** and\n**0.0.0.0/0** shall exclude the **localhost**.\n\nWhy should you use a reverse proxy, read all about it in the \n[Link](https://flask.palletsprojects.com/en/2.3.x/deploying/nginx/)\n\n\n# Version\nCurrently this supports and is tested with Flask 2.x.x. therefore the version of this package\nis version 2.0.x. Tested with Python version 3.8, 3.9, 3.10 and 3.11. \n\n\n# Licence\nFlask-Allow is licenced under GPL-2.0-only, see the LICENCE.md for more information.\n\n\n# Installing\nInstall and update using pip.\n\n```bash\n $ pip install -U Flask-Allow\n```\n\n\n# Configuration\nThis extension has two configuration items:\n* **ADDRESS_RESTRICTION**\n* **ACCESS_LOG**\n\nThe attribute **ADDRESS_RESTRICTION** is a list of dictionaries with one or two items\n* **ALLOW**; the IP address or network address to be granted access. \n* **DENY**; the IP address or network address to be denied access.\n\nFor IP network addresses it must be coded as <IP-address>/<no-bits>, for example:\n\n 172.16.0.0/16\n\nFor allowing or denying single hosts you may even write the fqdn of the host you want to exclude;\n\n DENY: test.example.com\n ALLOW: prod.example.com\n\nThe attribute **ACCESS_LOG** may be a filename or a dictionary, it uses rotating file logger. \nWhen using a dictionary the following items may be provided;\n* **filename**; sets the filename for the access log. \n* **maxBytes**; sets the maximum size of the log file, default is 5242880.\n* **backupCount**; sets the maximum historical log files kept, default is 7. \n* **formatter**; Sets the log file formatter, default is \"%(asctime)s - %(levelname)7s - %(message)s\" \n\nThe logger created is called **flask.allow**, when configured the log level is set the INFO.\n\n\n# Simple example\nThe following example sets up a web server on host address 0.0.0.0 (all networks) with port 5000.\nAn access log is created and only the localhost address is allowed to enter the application, all \nother addresses receive a HTTP 403 error.\n\n```python\nimport flask\nfrom flask_allow import FlaskAllow\n\napp = flask.Flask( __name__ )\napp.config[ 'ACCESS_LOG' ] = \"access.log\"\napp.config[ 'ADDRESS_RESTRICTION' ] = [\n {\n \"ALLOW\": \"127.0.0.1\", # Allow localhost\n \"DENY\": \"0.0.0.0/0\" # Deny the rest\n }\n]\nFlaskAllow( app )\n\n@app.route('/')\ndef index():\n return \"Hello world\", 200\n\napp.run( '0.0.0.0', 5000 )\n \n```\n**NOTE:** The class FlaskAllow should be initialized before any @before_request decorators\nare being called, this to ensure that Flask-Allow is the first to check in incomming request.\n\nThe following log output is from the test_flask_allow.py script. \n```log\n2023-12-03 07:34:27,883 - INFO - Access log started\n2023-12-03 07:34:28,886 - INFO - 127.0.0.1 allowed by rule 127.0.0.1/32 http://localhost:5000/ \n2023-12-03 07:34:28,893 - INFO - 127.0.0.1 allowed by rule 127.0.0.1/32 http://localhost:5000/ python-requests/2.31.0\n2023-12-03 07:34:28,903 - ERROR - 192.168.110.2 denied by rule 0.0.0.0/0 http://matrix:5000/ python-requests/2.31.0\n```\n\n\n# Contributing\nFor guidance on setting up a development environment and how to make a contribution to \nflask-access, see the contributing guidelines.\n\n\n# Donate\nThe Pallets organization develops and supports Flask and other popular packages. \nIn order to grow the community of contributors and users, and allow the maintainers to devote \nmore time to the projects, [please donate today](https://palletsprojects.com/donate)\n\n\n# Links\n* [Changes](https://github.com/pe2mbs/flask-allow/CHANGED.md)\n* [PyPI Releases](https://pypi.org/project/flask_allow/)\n* [Source Code](https://github.com/pe2mbs/Flask-Allow)\n* [Issue Tracker](https://github.com/pe2mbs/Flask-Allow/issues)\n* [Website](https://github.com/pe2mbs/Flask-Allow)\n",
"bugtrack_url": null,
"license": "GPL 2.0-only",
"summary": "Flask-Allow allows white/black listing of ip addresses/networks and providing access log.",
"version": "2.0.1",
"project_urls": {
"Homepage": "https://github.com/pe2mbs/flask-allow"
},
"split_keywords": [
"flask",
"white",
"black",
"list",
"access"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "6be2df29dc048fcacb3f9392b1362a7d914fac3dd61efba9870066013d93a52c",
"md5": "4118882a5e999e4f4b1111b30bfe7791",
"sha256": "4da1c3a7c0682bb840c2d0515b53a9942b28df75c4cbdb3b9319abc7636f7789"
},
"downloads": -1,
"filename": "Flask_Allow-2.0.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "4118882a5e999e4f4b1111b30bfe7791",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 7925,
"upload_time": "2023-12-03T08:44:21",
"upload_time_iso_8601": "2023-12-03T08:44:21.955956Z",
"url": "https://files.pythonhosted.org/packages/6b/e2/df29dc048fcacb3f9392b1362a7d914fac3dd61efba9870066013d93a52c/Flask_Allow-2.0.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "6a066f60aa70f2a87a05745c41b05df4938334d422cdf48d00f1765bb4a05b8e",
"md5": "d6adab62a02037f758f05dc55a15def9",
"sha256": "51babeea8190503be27b12cd613db7709a2f9ff2ccfe6bbff28cc392098689ad"
},
"downloads": -1,
"filename": "Flask-Allow-2.0.1.tar.gz",
"has_sig": false,
"md5_digest": "d6adab62a02037f758f05dc55a15def9",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 7399,
"upload_time": "2023-12-03T08:44:23",
"upload_time_iso_8601": "2023-12-03T08:44:23.745635Z",
"url": "https://files.pythonhosted.org/packages/6a/06/6f60aa70f2a87a05745c41b05df4938334d422cdf48d00f1765bb4a05b8e/Flask-Allow-2.0.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-12-03 08:44:23",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "pe2mbs",
"github_project": "flask-allow",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [],
"lcname": "flask-allow"
}
JSON
