-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnotes
70 lines (57 loc) · 2.79 KB
/
notes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# ----------------------
# RATE LIMITER
# ----------------------
# Add a dummy cache backend configuration
# rate limiter (pip install django_ratelimit)
"""CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.dummy.DummyCache', # Use DummyCache
}
}
# Example global rate limiting settings
RATELIMIT_CACHE = 'default' # Use Django's default cache
RATELIMIT_SKIP_IF_AUTHENTICATED = True # Skip rate limiting for authenticated users
# Important Notes:
# Since you are using DummyCache, rate limiting will reset after each server restart. If you want a more persistent solution, you might need to use a more permanent cache backend (like Memcached or Redis).
# This configuration is fine for low-traffic scenarios, but for production environments, consider using a more persistent and distributed cache for better performance and scalability.
"""
# ----------------------
# RATE LIMITER SAMPLE
# ----------------------
"""from django_ratelimit.decorators import ratelimit
# Use ratelimit decorator to limit requests by IP (5 requests per minute)
@ratelimit(key='ip', rate='5/m')
def my_view(request):
# Your view logic here
return HttpResponse("This is a rate-limited view!")
class MyView(View):
# Apply the rate limit only to the GET method
@ratelimit(key='ip', rate='5/m')
def get(self, request, *args, **kwargs):
if request.limited:
return HttpResponse("Too many requests, try again later.", status=429)
return HttpResponse("This is a rate-limited view!")
class MyView(View):
# Apply the rate limit to all HTTP methods
@ratelimit(key='ip', rate='5/m')
def dispatch(self, request, *args, **kwargs):
if request.limited:
return HttpResponse("Too many requests, try again later.", status=429)
return super().dispatch(request, *args, **kwargs)
# You can still override specific methods like get(), post(), etc.
def get(self, request, *args, **kwargs):
return HttpResponse("This is a rate-limited view!")
"""
/ python-dotenv - .env
/ django - authentication
/ django - session management
X django_ratelimit - brute force protection
/ django-forms (validator) - SQL injection or Cross-Site Scripting (XSS) protection
/ django - CSRF protection
/ django - Content Security Policy (CSP) | Helps prevent XSS attacks by specifying which dynamic resources are allowed to load. Prevents various attacks by setting HTTP headers that enforce security policies.
/ template engine - Escape output data
/ django - Logger
Additional:
Regular Security Audits
$ pip install pip-audit
$ pip-audit