writer / writer-framework

No-code in the front, Python in the back. An open-source framework for creating data apps.
https://dev.writer.com/framework/introduction
Apache License 2.0

feat: implement authentication workflow using basic auth #446

Closed FabienArcellier closed 2 months ago

FabienArcellier commented 3 months ago

For users who want to restrict access to their small application, I have implemented a simple basic auth restriction mechanism.

setup_server.py

import os

import writer.auth

# Credentials are read from environment variables
auth = writer.auth.BasicAuth(
    login=os.getenv('LOGIN'),
    password=os.getenv('PASSWORD'),
    delay_after_failure=1,  # limit attempts when authentication fails (avoid brute force)
    block_user_after_failure=True  # block the request for the delay
)

Brute force protection

A simple brute force protection is implemented by default. If a user fails to log in, the IP of this user is blocked. Writer framework will ban the IP from either the X-Forwarded-For header or the X-Real-IP header or the client IP address.

When a user fails to log in, they wait 1 second before they can try again. This time can be modified by modifying the value of delay_after_failure.

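An added example (not code from this PR or from Writer Framework) of the header-based IP blocking described above: it takes the client IP from X-Forwarded-For or X-Real-IP only when the request arrives from a trusted reverse proxy, then refuses that IP for the delay after a failed login. `TRUSTED_PROXIES`, `client_ip` and `FailureThrottle` are hypothetical names, and the proxy range is a constructed value.

```python
import ipaddress
import time

# Assumption: address range of the reverse proxies you operate (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def _trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None  # not an IP address at all
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip(peer_ip, headers):
    """Pick the IP to throttle. `headers` is a dict with lowercase keys."""
    if not _trusted(peer_ip):
        return peer_ip  # direct connection: forwarding headers are client-supplied
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",")]
    # Walk right to left: rightmost entries were appended by our own proxies.
    for hop in reversed([h for h in hops if h]):
        verdict = _trusted(hop)
        if verdict is None:
            break  # malformed entry, stop trusting the header
        if not verdict:
            return hop  # first address not belonging to our proxies
    real_ip = headers.get("x-real-ip", "").strip()
    return real_ip if _trusted(real_ip) is False else peer_ip

class FailureThrottle:
    """Refuse requests from an IP for `delay_after_failure` seconds after a failure."""
    def __init__(self, delay_after_failure=1.0, clock=time.monotonic):
        self.delay = delay_after_failure
        self.clock = clock
        self._blocked_until = {}

    def record_failure(self, ip):
        self._blocked_until[ip] = self.clock() + self.delay

    def is_blocked(self, ip):
        until = self._blocked_until.get(ip)
        if until is not None and self.clock() >= until:
            del self._blocked_until[ip]  # delay elapsed, forget the entry
            until = None
        return until is not None
```

Without the trusted-proxy check, the blocked key would be whatever value the client puts in the header, so the ban would not bind to the real sender.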