Mar*_*rty 3 python security django django-middleware httprequest
我收到了很多spambot请求(请求将referrer作为垃圾邮件站点).如何在中间件上使用process_request过早拒绝请求,以便django不响应来自特定引用者的请求?
Rah*_*pta 10
RejectSpambotRequestsMiddleware如果referer请求来自特定的引荐来源,您可以创建一个拒绝请求的类.
它应该返回一个None或一个HttpResponse对象.如果它返回None,Django将继续处理此请求,执行任何其他process_request()中间件,然后是process_view()中间件,最后是相应的视图.通常,403 Forbidden如果传入请求未通过中间件执行的检查,则会向用户发送响应.
from django.http import HttpResponseForbidden
class RejectSpambotRequestsMiddleware(object):
def process_request(self, request):
referer = request.META.get('HTTP_REFERER')
if referer == 'spambot_site_referer':
return HttpResponseForbidden() # reject the request and return 403 forbidden response
return # return None in case of a valid request
然后你的中间件添加到MIDDLEWARE_CLASSES您的settings.py文件.
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
...
...
# your custom middleware here
'my_project.middlewares.RejectSpambotRequestsMiddleware',
)
注意:这里RejectSpambotRequestsMiddleware将在最后运行,因为Django按其定义的顺序MIDDLEWARE_CLASSES(自上而下)应用中间件.您可以MIDDLEWARE_CLASSES根据需要更改顺序.