Opened 18 years ago
Closed 15 years ago
#2538 closed enhancement (wontfix)
Add throttling middleware
| Reported by: | Adrian Holovaty | Owned by: | Adrian Holovaty |
|---|---|---|---|
| Component: | Core (Other) | Version: | |
| Severity: | normal | Keywords: | session handling |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
It'd be nice to have a middleware that would throttle requests from the same IP address, to prevent things like brute-force password attacks and DOS attacks. Or just rudeness on the part of search-engine spiders. This middleware would have to keep track of each request and which IP address it came from. Probably HTTP_FORWARDED_FOR, too, if that's available.
Change History (4)
comment:1 by , 18 years ago
| Keywords: | session handling added |
|---|
comment:2 by , 17 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
Marked as wontfix, since this is better handled at the webserver level using something like mod_throttle, unless anyone has other situations when this is necessary?
comment:3 by , 15 years ago
| Resolution: | wontfix |
|---|---|
| Status: | closed → reopened |
In the world of App Engine this would be handy to prevent too much data submission from a single IP perhaps? i.e. when running django in a non-apache environment.
comment:4 by , 15 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | reopened → closed |
Closing again - no need to bloat Django just for app engine's sake. Not saying that this might not be useful, it just doesn't need to be in core Django
Take it to django-dev if you want to discuss more.
there are several of these already available for apache2. what could a middleware version in django do what those couldn't ?