rohit0x1 / fastapi_spammer_protection

This project forked from sbordeyne/fastapi_spammer_protection

A FastAPI middleware to help protect against spammers and bots trying to exploit vulnerabilities

License: MIT License

Python 100.00%

fastapi_spammer_protection

Middleware to protect a FastAPI app against spammers that try to exploit known vulnerabilities

Usage

from pathlib import Path

from fastapi_spammer_protection import SpammerProtection
from fastapi import FastAPI

app = FastAPI()
app.add_middleware(SpammerProtection(Path('./banlist.txt')))
# ...

This simple middleware checks incoming traffic for bots trying to exploit known vulnerabilities. It is not made for security purposes, but to:

  • mitigate log spam by setting iptables rules upstream of the HTTP server
  • avoid overloading the ASGI runner by dumping requests early (and replying with a 403 status code)

There is also an added element of security: since an IP is blocked as soon as it makes any of the known "bad" requests, subsequent requests from that same IP never reach your source code, even if there is a vulnerability in your app (you should not rely solely on that, but it is an increase in protection).

Script to add the IPs from the banlist to iptables rules

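#!/usr/bin/env bash

# Add a DROP rule for every address in the banlist (one entry per line).
while IFS= read -r ip; do
    # Skip blank lines
    [ -n "$ip" ] || continue
    # Append the rule only if it is not already present, so reruns do not duplicate it
    iptables -C INPUT -s "$ip" -j DROP 2>/dev/null || iptables -A INPUT -s "$ip" -j DROP
done < data/blacklist.txt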

NGINX configuration for the X-Forwarded-For header

Add the following to your configuration file:

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
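
With this directive nginx appends its own $remote_addr to whatever X-Forwarded-For value the client already sent, so only the last entry is trustworthy. The following is an added example, not code from this project: a hypothetical helper (ban_candidate, NEVER_BAN and the trusted_proxies parameter are assumptions) that picks the address to ban from the header and validates it before it is written to the banlist.

```python
import ipaddress
from typing import Optional

# Constructed allowlist (assumption): the reverse proxy runs on this host,
# so loopback must never end up in the banlist.
NEVER_BAN = (ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128"))


def ban_candidate(xff: Optional[str], peer_ip: str,
                  trusted_proxies: int = 1, never_ban=NEVER_BAN) -> Optional[str]:
    """Return the normalized address that is safe to ban, or None.

    $proxy_add_x_forwarded_for appends nginx's $remote_addr to whatever
    X-Forwarded-For value the client sent, so only the last
    `trusted_proxies` entries were written by proxies you control.
    """
    if trusted_proxies < 1:
        candidate = peer_ip                      # no proxy: use the socket peer
    else:
        hops = [h.strip() for h in (xff or "").split(",")]
        if len(hops) < trusted_proxies:
            return None                          # header shorter than the proxy chain
        candidate = hops[-trusted_proxies]       # entry added by the outermost trusted proxy
    try:
        addr = ipaddress.ip_address(candidate)   # rejects anything that is not an IP literal
    except ValueError:
        return None
    if any(addr in net for net in never_ban):
        return None                              # never ban the proxy itself
    return str(addr)
```

Writing only the returned string to the banlist means every line later passed to iptables -s is a validated address.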
