Keep track of failed login attempts in Django-powered sites.
Project description
Django Axes
django-axes is a very simple way for you to keep track of failed login attempts, both for the Django admin and for the rest of your site. The name is sort of a geeky pun, since axes can be read interpreted as:
“access”, as in monitoring access attempts
“axes”, as in tools you can use hack (generally on wood). In this case, however, the “hacking” part of it can be taken a bit further: django-axes is intended to help you stop people from hacking (popular media definition) your website. Hilarious, right? That’s what I thought too!
For more information see the documentation at:
https://django-axes.readthedocs.io/
If you have questions or have trouble using the app please file a bug report at:
Changes
4.2.1 (2018-04-18)
Fix unicode string interpolation on Python 2.7 [aleksihakli]
4.2.0 (2018-04-13)
Add configuration flags for client IP resolving [aleksihakli]
Add AxesModelBackend authentication backend [markdaviddoff]
4.1.0 (2018-02-18)
Add AXES_CACHE setting for configuring axes specific caching. [JWvDronkelaar]
Add checks and tests for faulty LocMemCache usage in application setup. [aleksihakli]
4.0.2 (2018-01-19)
Improve Windows compatibility on Python < 3.4 by utilizing win_inet_pton [hsiaoyi0504]
Add documentation on django-allauth integration [grucha]
Add documentation on known AccessAttempt caching configuration problems when using axes with the django.core.cache.backends.locmem.LocMemCache [aleksihakli]
Refactor and improve existing AccessAttempt cache reset utility [aleksihakli]
4.0.1 (2017-12-19)
Fixes issue when not using AXES_USERNAME_FORM_FIELD [camilonova]
4.0.0 (2017-12-18)
BREAKING CHANGES. AXES_BEHIND_REVERSE_PROXY AXES_REVERSE_PROXY_HEADER AXES_NUM_PROXIES were removed in order to use django-ipware to get the user ip address [camilonova]
Added support for custom username field [kakulukia]
Customizing Axes doc updated [pckapps]
Remove filtering by username [camilonova]
Fixed logging failed attempts to authenticate using a custom authentication backend. [D3X]
3.0.3 (2017-11-23)
Test against Python 2.7. [mbaechtold]
Test against Python 3.4. [pope1ni]
3.0.2 (2017-11-21)
Added form_invalid decorator. Fixes #265 [camilonova]
3.0.1 (2017-11-17)
Fix DeprecationWarning for logger warning [richardowen]
Fixes global lockout possibility [joeribekker]
Changed the way output is handled in the management commands [ataylor32]
3.0.0 (2017-11-17)
BREAKING CHANGES. Support for Django >= 1.11 and signals, see issue #215. Drop support for Python < 3.6 [camilonova]
2.3.3 (2017-07-20)
Many tweaks and handles successful AJAX logins. [Jack Sullivan]
Add tests for proxy number parametrization [aleksihakli]
Add AXES_NUM_PROXIES setting [aleksihakli]
Log failed access attempts regardless of settings [jimr]
Updated configuration docs to include AXES_IP_WHITELIST [Minkey27]
Add test for get_cache_key function [jorlugaqui]
Delete cache key in reset command line [jorlugaqui]
Add signals for setting/deleting cache keys [jorlugaqui]
2.3.2 (2016-11-24)
Only look for lockable users on a POST [schinckel]
Fix and add tests for IPv4 and IPv6 parsing [aleksihakli]
2.3.1 (2016-11-12)
Added settings for disabling success accesslogs [Minkey27]
Fixed illegal IP address string passed to inet_pton [samkuehn]
2.3.0 (2016-11-04)
Fixed axes_reset management command to skip “ip” prefix to command arguments. [EvaMarques]
Added axes_reset_user management command to reset lockouts and failed login records for given users. [vladimirnani]
Fixed Travis-PyPI release configuration. [jezdez]
Make IP position argument optional. [aredalen]
Added possibility to disable access log [svenhertle]
Fix for IIS used as reverse proxy adding port number [Dmitri-Sintsov]
Made the signal race condition safe. [Minkey27]
Added AXES_ONLY_USER_FAILURES to support only looking at the user ID. [lip77us]
2.2.0 (2016-07-20)
Improve the logic when using a reverse proxy to avoid possible attacks. [camilonova]
2.1.0 (2016-07-14)
Add default_app_config so you can just use axes in INSTALLED_APPS [vdboor]
2.0.0 (2016-06-24)
Removed middleware to use app_config [camilonova]
Lots of cleaning [camilonova]
Improved test suite and versions [camilonova]
1.7.0 (2016-06-10)
Use render shortcut for rendering LOCKOUT_TEMPLATE [Radosław Luter]
Added app_label for RemovedInDjango19Warning [yograterol]
Add iso8601 translator. [mullakhmetov]
Edit json response. Context now contains ISO 8601 formatted cooloff time [mullakhmetov]
Add json response and iso8601 tests. [mullakhmetov]
Fixes issue 162: UnicodeDecodeError on pip install [joeribekker]
Added AXES_NEVER_LOCKOUT_WHITELIST option to prevent certain IPs from being locked out. [joeribekker]
1.6.1 (2016-05-13)
Fixes whitelist check when BEHIND_REVERSE_PROXY [Patrick Hagemeister]
Made migrations py3 compatible [mvdwaeter]
Fixing #126, possibly breaking compatibility with Django<=1.7 [int-ua]
Add note for upgrading users about new migration files [kelseyq]
Fixes #148 [camilonova]
Decorate auth_views.login only once [teeberg]
Set IP public/private classifier to be compliant with RFC 1918. [SilasX]
Issue #155. Lockout response status code changed to 403. [Артур Муллахметов]
BUGFIX: Missing migration [smeinel]
1.6.0 (2016-01-07)
Stopped using render_to_response so that other template engines work [tarkatronic]
Improved performance & DoS prevention on query2str [tarkatronic]
Immediately return from is_already_locked if the user is not lockable [jdunck]
Iterate over ip addresses only once [annp89]
added initial migration files to support django 1.7 &up. Upgrading users should run migrate –fake-initial after update [ibaguio]
Add db indexes to CommonAccess model [Schweigi]
1.5.0 (2015-09-11)
Fix #_get_user_attempts to include username when filtering AccessAttempts if AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP is True [afioca]
1.4.0 (2015-08-09)
Send the user_locked_out signal. Fixes #94. [toabi]
1.3.9 (2015-02-11)
Python 3 fix (#104)
1.3.8 (2014-10-07)
Rename GitHub organization from django-security to django-pci to emphasize focus on providing assistance with building PCI compliant websites with Django. [aclark4life]
1.3.7 (2014-10-05)
Explain common issues where Axes fails silently [cericoda]
Allow for user-defined username field for lookup in POST data [SteveByerly]
Log out only if user was logged in [zoten]
Support for floats in cooloff time (i.e: 0.1 == 6 minutes) [marianov]
Limit amount of POST data logged (#73). Limiting the length of value is not enough, as there could be arbitrary number of them, or very long key names. [peterkuma]
Improve get_ip to try for real ip address [7wonders]
Change IPAddressField to GenericIPAddressField. When using a PostgreSQL database and the client does not pass an IP address you get an inet error. This is a known problem with PostgreSQL and the IPAddressField. https://code.djangoproject.com/ticket/5622. It can be fixed by using a GenericIPAddressField instead. [polvoblanco]
Get first X-Forwarded-For IP [tutumcloud]
White listing IP addresses behind reverse proxy. Allowing some IP addresses to have direct access to the app even if they are behind a reverse proxy. Those IP addresses must still be on a white list. [ericbulloch]
Reduce logging of reverse proxy IP lookup and use configured logger. Fixes #76. Instead of logging the notice that django.axes looks for a HTTP header set by a reverse proxy on each attempt, just log it one-time on first module import. Also use the configured logger (by default axes.watch_login) for the message to be more consistent in logging. [eht16]
Limit the length of the values logged into the database. Refs #73 [camilonova]
Refactored tests to be more stable and faster [camilonova]
Clean client references [camilonova]
Fixed admin login url [camilonova]
Added django 1.7 for testing [camilonova]
Travis file cleanup [camilonova]
Remove hardcoded url path [camilonova]
Fixing tests for django 1.7 [Andrew-Crosio]
Fix for django 1.7 exception not existing [Andrew-Crosio]
Removed python 2.6 from testing [camilonova]
Use django built-in six version [camilonova]
Added six as requirement [camilonova]
Added python 2.6 for travis testing [camilonova]
Replaced u string literal prefixes with six.u() calls [amrhassan]
Fixes object type issue, response is not an string [camilonova]
Python 3 compatibility fix for db_reset [nicois]
Added example project and helper scripts [barseghyanartur]
Admin command to list login attemps [marianov]
Replaced six imports with django.utils.six ones [amrhassan]
Replaced u string literal prefixes with six.u() calls to make it compatible with Python 3.2 [amrhassan]
Replaced assertIn`s and `assertNotIn`s with `assertContains and assertNotContains [fcurella]
Added py3k to travis [fcurella]
Update test cases to be python3 compatible [nicois]
Python 3 compatibility fix for db_reset [nicois]
Removed trash from example urls [barseghyanartur]
Added django installer [barseghyanartur]
Added example project and helper scripts [barseghyanartur]
1.3.6 (2013-11-23)
Added AttributeError in case get_profile doesn’t exist [camilonova]
Improved axes_reset command [camilonova]
1.3.5 (2013-11-01)
Fix an issue with __version__ loading the wrong version [graingert]
1.3.4 (2013-11-01)
Update README.rst for PyPI [marty] [camilonova] [graingert]
Add cooloff period [visualspace]
1.3.3 (2013-07-05)
Added ‘username’ field to the Admin table [bkvirendra]
Removed fallback logging creation since logging cames by default on django 1.4 or later, if you don’t have it is because you explicitly wanted. Fixes #45 [camilonova]
1.3.2 (2013-03-28)
Fix an issue when a user logout [camilonova]
Match pypi version [camilonova]
Better User model import method [camilonova]
Use only one place to get the version number [camilonova]
Fixed an issue when a user on django 1.4 logout [camilonova]
Handle exception if there is not user profile model set [camilonova]
Made some cleanup and remove a pokemon exception handling [camilonova]
Improved tests so it really looks for the rabbit in the hole [camilonova]
Match pypi version [camilonova]
1.3.1 (2013-03-19)
Add support for Django 1.5 [camilonova]
1.3.0 (2013-02-27)
Bug fix: get_version() format string [csghormley]
1.2.9 (2013-02-20)
Add to and improve test cases [camilonova]
1.2.8 (2013-01-23)
Increased http accept header length [jslatts]
1.2.7 (2013-01-17)
Reverse proxy support [rmagee]
Clean up README [martey]
1.2.6 (2012-12-04)
Remove unused import [aclark4life]
1.2.5 (2012-11-28)
Fix setup.py [aclark4life]
Added ability to flag user accounts as unlockable. [kencochrane]
Added ipaddress as a param to the user_locked_out signal. [kencochrane]
Added a signal receiver for user_logged_out. [kencochrane]
Added a signal for when a user gets locked out. [kencochrane]
Added AccessLog model to log all access attempts. [kencochrane]
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for django_axes-4.2.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4b5814684a479685e67a66f00a335729afa247ec89141f4b08b03d8693f88b9e |
|
MD5 | 50bfcd541819141a8947f0e396d42ba3 |
|
BLAKE2b-256 | 4e79b1adc60a571f204102a94d42210ecce2a29b0440e67d84ca35dc0ee35ea2 |