Middleware to protect a FastAPI app against spammers that try to exploit known vulnerabilities
- Free software: MIT license
- Documentation: https://fastapi-spammer-protection.readthedocs.io.
```python
from pathlib import Path
from fastapi_spammer_protection import SpammerProtection
from fastapi import FastAPI

app = FastAPI()
# banlist.txt holds the banned IPs, one per line (the same file the iptables script below reads)
app.add_middleware(SpammerProtection(Path('./banlist.txt')))
# ...
```
This simple middleware checks the incoming traffic for bots trying to exploit known vulnerabilities. It is not made for security purposes, but to try to:
- mitigate log spam by setting iptables rules upstream of the HTTP server
- avoid overloading the ASGI runner by dumping requests early (and replying with a 403 status code)
There's also an element of security added: since the IP is blocked as soon as it tries to call any of the known "bad" requests, subsequent requests by that same IP will never reach your source code, even if there is a vulnerability in your app (not that you should rely solely on that, but it's an increase in protection).
```bash
#!/usr/bin/env bash
# Drop every address listed in the banlist (one IP per line); run as root.
set -euo pipefail
while read -r ip; do
    [ -n "$ip" ] || continue   # skip blank lines
    # -C checks for an existing rule so re-running the script adds no duplicates
    iptables -C INPUT -s "$ip" -j DROP 2>/dev/null || iptables -A INPUT -s "$ip" -j DROP
done < data/blacklist.txt
```
Add the following to your nginx configuration file (in the `server` or `location` block that proxies to the app), so that the middleware sees the real client address instead of the proxy's:
```nginx
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
```
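The request flow described above (an address is banned when it asks for a known "bad" path, every later request from it gets a 403 before any route runs) together with the X-Forwarded-For handling, as an added example that is not the library's code: a minimal raw-ASGI middleware over a constructed set of scanner paths and a constructed request sequence. `SpamBlocker`, `BAD_PATHS`, `client_ip`, `ok_app` and `demo` are hypothetical names, and the forwarded header is only consulted when `trust_proxy` is set, because a client can forge it unless a proxy in front overwrites it.

```python
import asyncio
import tempfile
from pathlib import Path

# Constructed sample patterns: paths only scanners request on an app that does not serve them.
BAD_PATHS = {"/.env", "/wp-login.php", "/xmlrpc.php"}

def client_ip(scope: dict, trust_proxy: bool) -> str:
    # X-Forwarded-For is client-controlled: only read it when a reverse proxy appends
    # the real peer to it (nginx's $proxy_add_x_forwarded_for); the LAST entry is then trusted.
    headers = dict(scope.get("headers", []))
    if trust_proxy and b"x-forwarded-for" in headers:
        return headers[b"x-forwarded-for"].decode().split(",")[-1].strip()
    return scope["client"][0]

class SpamBlocker:
    def __init__(self, app, banlist: Path, trust_proxy: bool = False):
        self.app, self.banlist, self.trust_proxy = app, banlist, trust_proxy
        self.banned = set(banlist.read_text().split()) if banlist.exists() else set()

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http":
            ip = client_ip(scope, self.trust_proxy)
            if ip in self.banned or scope["path"] in BAD_PATHS:
                if ip not in self.banned:
                    self.banned.add(ip)
                    with self.banlist.open("a") as f:  # one IP per line, for the iptables script
                        f.write(ip + "\n")
                await send({"type": "http.response.start", "status": 403, "headers": []})
                await send({"type": "http.response.body", "body": b"Forbidden"})
                return  # rejected here, before any route handler runs
        await self.app(scope, receive, send)

async def ok_app(scope, receive, send):  # stand-in for the real FastAPI app
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})

def demo() -> tuple[list[int], list[str]]:
    seen = []  # status codes, in order, of the constructed requests replayed below
    async def send(msg):
        if "status" in msg: seen.append(msg["status"])
    with tempfile.TemporaryDirectory() as tmp:
        banlist = Path(tmp) / "banlist.txt"
        mw = SpamBlocker(ok_app, banlist, trust_proxy=True)  # peer is nginx, client is in XFF
        for path, xff in [("/", "198.51.100.7"), ("/.env", "198.51.100.7"), ("/", "198.51.100.7"),
                          ("/", "203.0.113.9, 198.51.100.7"), ("/", "203.0.113.5")]:
            scope = {"type": "http", "path": path, "client": ("127.0.0.1", 0),
                     "headers": [(b"x-forwarded-for", xff.encode())]}
            asyncio.run(mw(scope, None, send))
        return seen, banlist.read_text().split()
```

`demo()` returns `[200, 403, 403, 403, 200]` and a banlist containing only `198.51.100.7`: the fourth request carries a forged first entry in the header but is still attributed to the banned address, while the unrelated client is served normally.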