Rate limiting Django admin login with Nginx to prevent dictionary attack

Posted by shreddies on Stack Overflow See other posts from Stack Overflow or by shreddies
Published on 2010-03-31T10:28:46Z Indexed on 2010/03/31 10:33 UTC
Read the original article Hit count: 501

Filed under:

nginx

|

django

|

admin

|

ratelimit

I'm looking into the various methods of rate limiting the Django admin login to prevent dictionary attacks.

One solution is explained here: simonwillison.net/2009/Jan/7/ratelimitcache/

However, I would prefer to do the rate limiting at the web server side, using Nginx.

Nginx's limit_req module does just that - allowing you to specify the maximum number of requests per minute, and sending a 503 if the user goes over: http://wiki.nginx.org/NginxHttpLimitReqModule

Perfect! I thought I'd cracked it until I realised that Django admin's login page is not in a consistent place, eg /admin/blah/ gives you a login page at that URL, rather than bouncing to a standard login page.

So I can't match on the URL. Can anyone think of another way to know that the admin page was being displayed (regexp the response HTML?)

© Stack Overflow or respective owner

Related posts about nginx

ModSecurity compile error on nginx

as seen on Server Fault - Search for 'Server Fault'
I'm trying to install ModSecurity on nginx with the following instructions : wget https://github.com/SpiderLabs/ModSecurity/archive/master.zip unzip master cd ModSecurity-master ./autogen.sh ./configure --enable-standalone-module And i got the following error : Checking plataform... Identified… >>> More
Cannot Start Nginx Compiled from Source

as seen on Server Fault - Search for 'Server Fault'
I am trying to compile Nginx from source based on the original compiled Nginx server running on my DigitalOcean server ( Ubuntu-14.04 64x ) but with a few extra modules. I can get everything installed smoothly but I can not get it to start. I am sure the ini is correct because I copied the original… >>> More
Nginx http_mp4_module seam installed but dont work

as seen on Server Fault - Search for 'Server Fault'
I try to use the http_mp4_module on my Ubuntu server but that didnt seem to work at all. When i check nginx -V i get : nginx version: nginx/1.1.19 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body… >>> More
GeoIP and Nginx

as seen on Server Fault - Search for 'Server Fault'
I have a nginx with geoip, but it is not working rightly. The issue is the next: Nginx are getting geodata from $_SERVER['REMOTE_ADDR'] instead of $_SERVER['HTTP_X_HAPROXY_IP'], which have the real client ip. So, the reported geodata belongs to my server ip instead of client ip. Does anybody where… >>> More
Nginx1.6.1: Installing from source not running corectly

as seen on Server Fault - Search for 'Server Fault'
I just installed Nginx 1.6.1 from source but it didn't seem to installed correctly. Nginx is running if I service nginx status but when I do nginx -v it outputs command not found. Regular HTML page shows fine and there is no error in the error logs. I am on AWS Ec2 linux AMI. Here is my /etc/init… >>> More

Related posts about django

Overriding the save() method of a model that uses django-mptt

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been using django-mptt in my project for a while now, it's fabulous. Recently, I've found a need to override a model's save() method that uses mptt, and I'm getting an error when I try to save a new instance of that model: Exception Type: ValueError at /admin/scrivener/page/add/ Exception Value:… >>> More
Where is meta.local_fields set in django.db.models.base.py ?

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm getting the error: Exception Value: (1110, "Column 'about' specified twice") As I was reviewing the Django error page, I noticed that the customizations the model User, seem to be appended to the List twice. This seems to be happening here in django/db/model/base.py in base_save(): values… >>> More
Deploying Django on EC2 using Bitnami Djangostack: WSGI script cannot be loadded

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been struggling to deploy Django application on Amazon EC2 using Bitnami Djangostack for the last couple of days. When I go to http://dewey.io I see the default bitnami page (/opt/bitnami/apache2/htdocs/index.html), however, when I open http://dewey.io/portnoy, I get 'Internal Server Error'… >>> More
Internal Server Error with mod_wsgi [django] on windows xp

as seen on Stack Overflow - Search for 'Stack Overflow'
when i run development server it works very well, even an empty project runing in mod_wsgi i have no problem but when i want to put my own project i get an Internal Server Error (500) in my apache conf i put WSGIScriptAlias /codevents C:/django/apache/CODEvents.wsgi <Directory "C:/django/apache"> Order… >>> More
Internal Server Error with mod_wgsi [django] on windows xp

as seen on Stack Overflow - Search for 'Stack Overflow'
when i run development server it works very well, even an empty project runing in mod_wsgi i have no problem but when i want to put my own project i get an Internal Server Error (500) in my apache conf i put WSGIScriptAlias /codevents C:/django/apache/CODEvents.wsgi <Directory "C:/django/apache"> Order… >>> More