si:dZddlZddlZddlmZddlmZmZmZddl m Z ddl m Z ddl mZddlmZdd lmZddlZej(eZGd d ZeZy) zW Enhanced rate limiting middleware with bot detection and malicious request filtering. N) defaultdict)DictListTuple) HttpResponse)cache)settings)render_to_string)MiddlewareMixincreZdZdZdZdZdZdZdZdZ dZ dd Z d Z d Z d Zd ZdZdZdZdZy)EnhancedRateLimitMiddlewareax Enhanced middleware to rate limit requests and detect malicious bot behavior. Features: - IP-based rate limiting with configurable thresholds - Bot detection based on user agents and request patterns - Malicious request pattern detection - Different rate limits for suspicious vs normal traffic - Enhanced logging for security monitoring c||_ttdd|_ttdd|_ttdd|_ttdd|_ttd d |_ttd d|_ttd d |_ ttdgd|_ gd|_ gd|_ gd|_ tjdj!|jtj"|_tjdj!|jtj"|_y)NRATE_LIMIT_REQUESTSdRATE_LIMIT_WINDOWiRATE_LIMIT_BLOCK_DURATIONiRATE_LIMIT_ENABLEDTRATE_LIMIT_BOT_REQUESTSRATE_LIMIT_BOT_BLOCK_DURATIONRATE_LIMIT_SUSPICIOUS_REQUESTS RATE_LIMIT_EXEMPT_PATHS) z/static/z/media/z /favicon.icoz /robots.txtz /sitemap.xmlz/admin/jsi18n/z%/inbox/notifications/api/unread_list/z$/inbox/notifications/api/unread_listz/jsi18n/z/reload-messages)masscannmapzmapshodancensyssqlmapniktoacunetixburpzheadless.*chrome.*(?!normal) phantomjs scrapybotscrapynutch)curlwgetzpython-requestsz python-httpxjavazgo-httprubynodeaxiosfetchpostmaninsomniazmobile.*safariiphoneandroidchromefirefoxsafariedge)z\.php$z\.asp$z\.jsp$z\.cgi$z/adminz /wp-adminz/administratorz/loginz/signinz/authz\.env$z \.config$z \.backup$z/api/v1z/api/v2z/rest/z1\.\./\.\./\.\./\.\./\.\./\.\./\.\./\.\./\.\./\.\.zz7EnhancedRateLimitMiddleware.__call__..`s%WT|&&t{{3'78Ws*-z/inbox/notifications/api/user)bot suspicious)r<r7rTrRanyr@hasattrrWis_authenticated get_client_ipclassify_request is_blockedlog_blocked_requestcreate_rate_limit_responseis_rate_limitedblock_iplog_rate_limit_exceededrecord_requestlog_suspicious_request)rJrequest ip_address request_typeresponserUs @rK__call__z$EnhancedRateLimitMiddleware.__call__Zsz||$$W- -||**3/ WTEVEVW W$$W- - '',, 6$$W- - 7F # (E(E$$W- -''0 ,,W5  ??:| 4  $ $Z, G22<@ @    L 9 MM*l 3  ( (Wl K22<@ @ J 5 0 0  ' ' G\ J$$W-rMc|jjddj}|jj}|j |}|rOt j dj|jt j}|j|ry|jdk(r7|jj|s|jj|ry|j|ry|r|jj|ry|jjds|sy|j|ryy) z/Classify request as normal, bot, or suspicious.HTTP_USER_AGENTr6normalPOSTrYrX HTTP_ACCEPT)METAgetlowerrTr]rDrErFrBrGsearchmethodrIis_high_frequency_requestrHis_scanning_behavior)rJrg user_agentrTrhlegitimate_regexs rKr^z,EnhancedRateLimitMiddleware.classify_requests\\%%&7<BBD ||!!#''0  !zz#((43X3X*Y[][h[hi &&z2 >>V #,,33D9T=Z=Z=a=abl=m#  ) )* 5T66==jI|| .z  $ $W -rMc4gd}tfd|DS)z,Detect if this looks like scanning behavior.)z/admin/z /wp-admin/z /phpmyadmin/z/.envz /config.phpc3TK|]}jj|!yw)N)rTrQ)rSrTrgs rKrVzCEnhancedRateLimitMiddleware.is_scanning_behavior..s NT7<<**40Ns%()rZ)rJrgsuspicious_pathss ` rKrxz0EnhancedRateLimitMiddleware.is_scanning_behaviors]N=MNNNrMc d|}tj}tj|g}|Dcgc] }||z dks |}}|j|tj||dddt |dkDScc}w)z6Check if IP is making more than 3 requests per second.rate_limit_frequency_g?iN)timerrsappendsetlen)rJrh frequency_key current_time request_timest recent_timess rKrwz5EnhancedRateLimitMiddleware.is_high_frequency_requests/ |< yy{  -4 $1LaL14D4KL L L)  -cd!3Q7< 1$$Ms BBc|dk(r|j|jfS|dk(r|j|jfS|j|jfS)z&Get rate limits based on request type.rYrX)r?r>r=r9r;)rJris rKget_limits_for_typez/EnhancedRateLimitMiddleware.get_limits_for_typesW < '1143J3JJ J U "**D,C,CC C&&(;(;; ;rMc4|jjd}|r$|jddj}|S|jjdxs9|jjdxs|jjdd}|S)zGet the real client IP address.HTTP_X_FORWARDED_FOR,rHTTP_X_REAL_IPHTTP_CF_CONNECTING_IP REMOTE_ADDRrn)rrrssplitstrip)rJrgx_forwarded_forips rKr]z)EnhancedRateLimitMiddleware.get_client_ips",,**+AB  &&s+A.446B  ,,""#346,,""#:;6,,""="5  rMcd|d|d|S)z3Generate cache key for IP address and request type. rate_limit__)rJrhkey_typeris rK get_cache_keyz)EnhancedRateLimitMiddleware.get_cache_keysXJa ~QzlCCrMc|j|d|}|dk(rl|j|dd}|j|dd}tj|dxs.tj|dxstj|dS|dk(rA|j|dd}tj|dxstj|dStj|dS)z?Check if IP address is currently blocked for this request type.blockrorXrYF)rrrs)rJrhri block_key bot_block_keysuspicious_block_keys rKr_z&EnhancedRateLimitMiddleware.is_blockeds&&z7LI 8 # ..z7EJM#'#5#5j'<#X IIi/;IImU3;II2E: <U "#'#5#5j'<#X 99Y.X%))&&z7LI  )T>2&&z7LI  YrMc|j|\}}|j|d|}tj|dt jd}t j}|d}|d} ||z |j kDry| |k\S)zFCheck if IP address has exceeded the rate limit for this request type.rrr window_startrF)rrrrsrr:) rJrhrir9rr request_datarrrs rKrbz+EnhancedRateLimitMiddleware.is_rate_limiteds 44\B&&z7LI yya,UV yy{ #N3 W% , &)9)9 9&&rMcD|j|d|}tj|dtjd}tj}|d}|d}||z |jkDrd|d}n|dz|d<tj |||jdzy)zBRecord a request from an IP address for the specific request type.rrrri,N)rrrsrr:r)rJrhrirrrrrs rKrez*EnhancedRateLimitMiddleware.record_request s&&z7LI yya,UV yy{ #N3 W% , &)9)9 9%& EL$)AIL ! )\4+;+;c+ABrMc|dk(rtdddS td}t|ddS#td ddcYSxYw) z6Create appropriate response for rate limited requests.rYz Bad Requestiz text/plain)status content_typez429.htmliz text/htmlz,Rate limit exceeded. Please try again later.)rr )rJricontents rKraz6EnhancedRateLimitMiddleware.create_rate_limit_responsesT < ' c U U *:6#GCkRR #B!-s .Ac|jjdd}tjd|j d|d|j d|j d|dd d y) z$Log blocked requests for monitoring.rmUnknownzBLOCKED  request from : method= path= ua='Nr')rrrsloggerwarningupperrvrTrJrhrgrirys rKr`z/EnhancedRateLimitMiddleware.log_blocked_request,sm\\%%&7C |))+,N:,Gnn%VGLL>z$3?O>PPQ S rMc|jjdd}|j|\}}tj d|j d|d|j d|jd|d|jd |d |d d d y )z Log when rate limit is exceeded.rmrzRATE LIMIT EXCEEDED for z from rrz limit=rOzs blocked_for=zs ua='Nrr) rrrsrrrrrvrTr:)rJrhrgrirylimitsdurations rKrdz3EnhancedRateLimitMiddleware.log_rate_limit_exceeded4s\\%%&7C 33LA&|'9'9';&:HAd../~hZHds#$A ' rMc|jjdd}tjd|j d|d|j d|j d|dd d y) z'Log suspicious requests for monitoring.rmrz SUSPICIOUS rrrrNrr)rrrsrinforrvrTrs rKrfz2EnhancedRateLimitMiddleware.log_suspicious_request?sm\\%%&7C  ,,,./~j\Jnn%VGLL>z$3?O>PPQ S rMN)ro)__name__ __module__ __qualname____doc__rLrkr^rxrwrr]rr_rcrbrerar`rdrfrrMrKr r s^ :fx*X"HO %(< D/  '"C""    rMr )rrrD collectionsrtypingrrr django.httprdjango.core.cacher django.confr django.template.loaderr django.utils.deprecationr logging getLoggerrrr RateLimitMiddlewarerrMrKrsT #$$$# 34   8 $s s n 2rM