Opened 9 years ago

Closed 6 years ago

#2538 closed enhancement (wontfix)

Add throttling middleware

Reported by: adrian Owned by: adrian
Component: Core (Other) Version:
Severity: normal Keywords: session handling
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

It'd be nice to have a middleware that would throttle requests from the same IP address, to prevent things like brute-force password attacks and DOS attacks. Or just rudeness on the part of search-engine spiders. This middleware would have to keep track of each request and which IP address it came from. Probably HTTP_FORWARDED_FOR, too, if that's available.

Change History (4)

comment:1 Changed 9 years ago by Ian@…

  • Keywords session handling added

there are several of these already available for apache2. what could a middleware version in django do what those couldn't ?

comment:2 Changed 8 years ago by Simon G. <dev@…>

  • Resolution set to wontfix
  • Status changed from new to closed

Marked as wontfix, since this is better handled at the webserver level using something like mod_throttle, unless anyone has other situations when this is necessary?

comment:3 Changed 6 years ago by elsigh

  • Resolution wontfix deleted
  • Status changed from closed to reopened

In the world of App Engine this would be handy to prevent too much data submission from a single IP perhaps? i.e. when running django in a non-apache environment.

comment:4 Changed 6 years ago by SmileyChris

  • Resolution set to wontfix
  • Status changed from reopened to closed

Closing again - no need to bloat Django just for app engine's sake. Not saying that this might not be useful, it just doesn't need to be in core Django

Take it to django-dev if you want to discuss more.

Note: See TracTickets for help on using tickets.
Back to Top