发表新帖
发表新帖

Authenticate by IP address in Django

后端 未结
关注
6 1981
别那么骄傲
别那么骄傲 2020-12-24 15:08

I have a small Django application with a view that I want to restrict to certain users. Anyone from a specific network should be able to see that view without any further au

6条回答
  • 北荒
    北荒 (楼主)
    2020-12-24 15:53

    IMO, solving this with Django is fine if it's a small non performance critical site.

    It's better to keep the unauthorized users fully at bay using your Apache or Nginx service. For example, in Nginx I have these lines in my site configuration:

    include allowed_ips.conf;
deny all;
error_page 403 forbidden.html;

    allowed_ips.conf is in /etc/nginx and looks (something) like this:

    allow 110.222.333.222;  # J Bloggs (sys admin)
allow 777.222.0.0/16;   # Government owned
...

    I believe this is better because the relatively slow Django processes never get touched by the blocked IPs. This is significant if you are blocking bots or other country address ranges for performance or security reasons.

    0 讨论(0)
 看不清?
提交回复
热议问题