开发者

django admin how to prevent brute force attack?

CAPTHCA/additional table field/allowed ip's - not propose.

I think best option is: keep login attempts in server cache.

If you can propound other options or cut up option with cache, 开发者_运维问答you are welcome.


Typically I would use the INTERNAL_IPS setting, and make a middleware that blocks access to /admin/ if you're not part of INTERNAL_IPS

Another option is to play with https://github.com/dmpayton/django-admin-honeypot -- you could potentially write a cron job that blocks these IPs via iptables or something.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜