# request_filters
A sort of software firewall for your django application which provides advances capabilities for blocking or logging requests at runtime.
Only for use in wagtail projects - might support django-only in the future.
## Supports filtering based on:
* IP
* USER_AGENT
* PATH
* QUERY_STRING
* REFERER
* COUNTRY
* METHOD
* HEADER
## Matching based on:
* Absolute (== in most cases. Differs for: IP (Checks subnet if cidr provided), COUNTRY (Checks country code or name as returned by GeoIP2))
* Glob (fnmatch)
* Regex (re)
* In (IP based on cidr, splits most `filter_value`'s' by comma and checks if the request's value is in the list)
## Admin Views
Has a a view to easy analyse the behaviour of filters overall in a chart.
# Quick start
---
1. Add 'request_filters' to your INSTALLED_APPS setting like this:
```
INSTALLED_APPS = [
...,
'request_filters',
]
```
2. Add `request_filters.middleware.RequestFilterMiddleware` to your `MIDDLEWARE` as the **FIRST ENTRY**.
```
MIDDLEWARE = [
'request_filters.middleware.RequestFilterMiddleware',
...,
]
```
3. See the [options](#Options) section for more information on how to configure the app.
4. Log into your wagtail admin and configure your filters.
# Options
#### GeoIP2
You must appropriately configure django geoip2.
More information on how this can be done is found [here.](https://docs.djangoproject.com/en/5.0/ref/contrib/gis/geoip2/)
#### EXCLUDED_APPS
List of excluded apps, all requests to these apps will be allowed (If resolver_match is available).
Exclusions should preferably happen via IP ranges or absolute IPs.
```
REQUEST_FILTERS_EXCLUDED_APPS: list[str] = [
"admin",
]
```
#### EXCLUDED_PATHS
Excluded paths, all requests to these paths will skip filtering
Paths should be in the format of a glob pattern.
Exclusions should preferably happen via IP ranges or absolute IPs.
```
REQUEST_FILTERS_EXCLUDED_PATHS: list[str] = [
"/admin/*",
f"{getattr(settings, 'STATIC_URL', '/static/')}*",
f"{getattr(settings, 'MEDIA_URL', '/media/')}*",
]
```
#### EXCLUDED_IPS
Excluded IP addresses, all requests from these IPs will be allowed.
```
# This is the safest way to exclude requests from being filtered.
REQUEST_FILTERS_EXCLUDED_IPS: list[str] = [
"127.0.0.0/8", "::1/128",
]
```
#### Caching
Caching settings and their defaults.
```
# Default cache backend to use for storing settings and filters
REQUEST_FILTERS_CACHE_BACKEND: str = "default"
# Namespaces for cache keys.
REQUEST_FILTERS_SETTINGS_CACHE_KEY: str = "request_filters_settings"
REQUEST_FILTERS_FILTERS_CACHE_KEY: str = "request_filters_filters"
# Timeout the cache for the filter settings for 5 minutes by default
REQUEST_FILTERS_SETTINGS_CACHE_TIMEOUT: timezone.timedelta = timezone.timedelta(minutes=5)
# Timeout the cache for the filters for 1 hour by default
REQUEST_FILTERS_FILTERS_CACHE_TIMEOUT: timezone.timedelta = timezone.timedelta(hours=1)
# Clear cache when settings are saved
REQUEST_FILTERS_CLEAR_CACHE_ON_SAVE_SETTINGS: bool = True
# Clear cache when filters are saved
REQUEST_FILTERS_CLEAR_CACHE_ON_SAVE_FILTERS: bool = True
```
#### Exception Message
**Message shown when a filter raises an exception, or blocks the request.**
```
REQUEST_FILTERS_BLOCK_MESSAGE: str = _("You are not allowed to access this resource")
```
#### Filter Headers
Add headers to the response which displays minimal information about the filters.
```
REQUEST_FILTERS_ADD_FILTER_HEADERS: bool = True # Add headers to the response which displays minimal information about the filters.
```
#### Create a log entry for requests which have passed all filters.
**Not recommended for production.**
```
REQUEST_FILTERS_LOG_HAPPY_PATH: bool = False # Log requests that are allowed by the filters
```
#### Default values for the check and action functions.
```
REQUEST_FILTERS_DEFAULT_CHECK_VALUE: Union[bool, callable] = True # Allow checks to pass by default
REQUEST_FILTERS_DEFAULT_ACTION_VALUE: callable = lambda self, filter, settings, request, get_response: HttpResponseForbidden(
_("You are not allowed to access this resource")
)
```
#### Registering menu items
```
REQUEST_FILTERS_REGISTER_TO_MENU: str = "register_settings_menu_item" # Register to a menu hook.
```
Raw data
{
"_id": null,
"home_page": "https://github.com/Nigel2392/request_filters",
"name": "request-filters",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": "",
"keywords": "",
"author": "Nigel",
"author_email": "nigel@goodadvice.it",
"download_url": "https://files.pythonhosted.org/packages/21/fa/4a854add2e72fdfa5d25edd5d1b9c5f61a8cb22c454591572feea158c1b0/request_filters-1.4.9.tar.gz",
"platform": null,
"description": "# request_filters\r\n\r\n\r\n\r\nA sort of software firewall for your django application which provides advances capabilities for blocking or logging requests at runtime.\r\nOnly for use in wagtail projects - might support django-only in the future.\r\n\r\n## Supports filtering based on:\r\n\r\n* IP\r\n* USER_AGENT\r\n* PATH\r\n* QUERY_STRING\r\n* REFERER\r\n* COUNTRY\r\n* METHOD\r\n* HEADER\r\n\r\n## Matching based on:\r\n\r\n* Absolute (== in most cases. Differs for: IP (Checks subnet if cidr provided), COUNTRY (Checks country code or name as returned by GeoIP2))\r\n* Glob (fnmatch)\r\n* Regex (re)\r\n* In (IP based on cidr, splits most `filter_value`'s' by comma and checks if the request's value is in the list)\r\n\r\n## Admin Views\r\n\r\nHas a a view to easy analyse the behaviour of filters overall in a chart.\r\n\r\n# Quick start\r\n\r\n---\r\n\r\n1. Add 'request_filters' to your INSTALLED_APPS setting like this:\r\n\r\n ```\r\n INSTALLED_APPS = [\r\n ...,\r\n 'request_filters',\r\n ]\r\n ```\r\n2. Add `request_filters.middleware.RequestFilterMiddleware` to your `MIDDLEWARE` as the **FIRST ENTRY**.\r\n\r\n ```\r\n MIDDLEWARE = [\r\n \t'request_filters.middleware.RequestFilterMiddleware',\r\n \t...,\r\n ]\r\n ```\r\n3. See the [options](#Options) section for more information on how to configure the app.\r\n4. Log into your wagtail admin and configure your filters.\r\n\r\n# Options\r\n\r\n#### GeoIP2\r\n\r\nYou must appropriately configure django geoip2.\r\n\r\nMore information on how this can be done is found [here.](https://docs.djangoproject.com/en/5.0/ref/contrib/gis/geoip2/)\r\n\r\n#### EXCLUDED_APPS\r\n\r\nList of excluded apps, all requests to these apps will be allowed (If resolver_match is available).\r\nExclusions should preferably happen via IP ranges or absolute IPs.\r\n\r\n```\r\n REQUEST_FILTERS_EXCLUDED_APPS: list[str] = [\r\n \"admin\",\r\n ]\r\n```\r\n\r\n#### EXCLUDED_PATHS\r\n\r\nExcluded paths, all requests to these paths will skip filtering\r\n\r\nPaths should be in the format of a glob pattern.\r\nExclusions should preferably happen via IP ranges or absolute IPs.\r\n\r\n```\r\n REQUEST_FILTERS_EXCLUDED_PATHS: list[str] = [\r\n \"/admin/*\",\r\n f\"{getattr(settings, 'STATIC_URL', '/static/')}*\",\r\n f\"{getattr(settings, 'MEDIA_URL', '/media/')}*\",\r\n ]\r\n```\r\n\r\n#### EXCLUDED_IPS\r\n\r\nExcluded IP addresses, all requests from these IPs will be allowed.\r\n\r\n```\r\n # This is the safest way to exclude requests from being filtered.\r\n REQUEST_FILTERS_EXCLUDED_IPS: list[str] = [\r\n \"127.0.0.0/8\", \"::1/128\",\r\n ]\r\n```\r\n\r\n#### Caching\r\n\r\nCaching settings and their defaults.\r\n\r\n```\r\n# Default cache backend to use for storing settings and filters\r\nREQUEST_FILTERS_CACHE_BACKEND: str = \"default\"\r\n\r\n# Namespaces for cache keys.\r\nREQUEST_FILTERS_SETTINGS_CACHE_KEY: str = \"request_filters_settings\"\r\nREQUEST_FILTERS_FILTERS_CACHE_KEY: str = \"request_filters_filters\"\r\n\r\n# Timeout the cache for the filter settings for 5 minutes by default\r\nREQUEST_FILTERS_SETTINGS_CACHE_TIMEOUT: timezone.timedelta = timezone.timedelta(minutes=5)\r\n\r\n# Timeout the cache for the filters for 1 hour by default\r\nREQUEST_FILTERS_FILTERS_CACHE_TIMEOUT: timezone.timedelta = timezone.timedelta(hours=1)\r\n\r\n# Clear cache when settings are saved\r\nREQUEST_FILTERS_CLEAR_CACHE_ON_SAVE_SETTINGS: bool = True\r\n\r\n# Clear cache when filters are saved\r\nREQUEST_FILTERS_CLEAR_CACHE_ON_SAVE_FILTERS: bool = True\r\n```\r\n\r\n#### Exception Message\r\n\r\n**Message shown when a filter raises an exception, or blocks the request.**\r\n\r\n```\r\nREQUEST_FILTERS_BLOCK_MESSAGE: str = _(\"You are not allowed to access this resource\")\r\n```\r\n\r\n#### Filter Headers\r\n\r\nAdd headers to the response which displays minimal information about the filters.\r\n\r\n```\r\nREQUEST_FILTERS_ADD_FILTER_HEADERS: bool = True # Add headers to the response which displays minimal information about the filters.\r\n```\r\n\r\n#### Create a log entry for requests which have passed all filters.\r\n\r\n**Not recommended for production.**\r\n\r\n```\r\nREQUEST_FILTERS_LOG_HAPPY_PATH: bool = False # Log requests that are allowed by the filters\r\n```\r\n\r\n#### Default values for the check and action functions.\r\n\r\n```\r\nREQUEST_FILTERS_DEFAULT_CHECK_VALUE: Union[bool, callable] = True # Allow checks to pass by default\r\nREQUEST_FILTERS_DEFAULT_ACTION_VALUE: callable = lambda self, filter, settings, request, get_response: HttpResponseForbidden(\r\n _(\"You are not allowed to access this resource\")\r\n)\r\n```\r\n\r\n#### Registering menu items\r\n\r\n```\r\nREQUEST_FILTERS_REGISTER_TO_MENU: str = \"register_settings_menu_item\" # Register to a menu hook.\r\n```\r\n",
"bugtrack_url": null,
"license": "GPL-3.0-only",
"summary": "A firewall for your wagtail application. It allows you to filter requests based on IP, User-Agent, URL and Country.",
"version": "1.4.9",
"project_urls": {
"Homepage": "https://github.com/Nigel2392/request_filters"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "21fa4a854add2e72fdfa5d25edd5d1b9c5f61a8cb22c454591572feea158c1b0",
"md5": "09b2df9ea5e300188513cb624638dd90",
"sha256": "983cc832ac20fac2478a237abdb26ad9cc27ffa7d7122cdf58ee35afd8bc6b3b"
},
"downloads": -1,
"filename": "request_filters-1.4.9.tar.gz",
"has_sig": false,
"md5_digest": "09b2df9ea5e300188513cb624638dd90",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 109667,
"upload_time": "2024-03-19T15:38:01",
"upload_time_iso_8601": "2024-03-19T15:38:01.271562Z",
"url": "https://files.pythonhosted.org/packages/21/fa/4a854add2e72fdfa5d25edd5d1b9c5f61a8cb22c454591572feea158c1b0/request_filters-1.4.9.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-03-19 15:38:01",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "Nigel2392",
"github_project": "request_filters",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "request-filters"
}
JSON
