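Is there a way to lock out an IP address after too many failed authentication attempts? I don't see how the built-in throttling would accomplish this, since throttling only kicks in after authentication and permissions have succeeded.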
Answer 0 (score: 8)
Thanks Tom. I subclassed the authentication class with the following code:

    from django.core.cache import cache
    from rest_framework import authentication, exceptions


    class TokenAuthentication(authentication.TokenAuthentication):
        def authenticate(self, request):
            #
            # first check to see that IP address is not locked out
            # due to too many failed authentication requests.
            #
            auth_failure_key = 'LOGIN_FAILURES_AT_%s' % request.META.get('REMOTE_ADDR')
            auth_failures = cache.get(auth_failure_key) or 0
            # allow up to 3 failures per hour
            if auth_failures >= 3:
                raise exceptions.AuthenticationFailed('Locked out: too many authentication failures')
            try:
                return super(TokenAuthentication, self).authenticate(request)
            except exceptions.AuthenticationFailed:
                # update cache: count this failure, entry expires after 3600 seconds
                cache.set(auth_failure_key, auth_failures + 1, 3600)
                raise

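Answer 1 (score: 5)
Not out of the box, no. You would need to subclass one of the authentication classes and implement that behaviour yourself in your custom authentication class.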
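
The lockout logic from the first answer, as an added framework-independent example (not code from either answer): it keeps the same limit of 3 failures per hour per client address, but starts the one-hour window at the first failure instead of renewing it on each failure. `FailureLockout`, `attempt`, the in-memory dictionary standing in for the Django cache, and the injectable clock are all hypothetical names and assumptions; the caller supplies the client address, which behind a reverse proxy is not necessarily `REMOTE_ADDR`.

```python
import time


class FailureLockout:
    """Per-client failed-authentication counter with a fixed time window."""

    def __init__(self, max_failures=3, window_seconds=3600, clock=time.monotonic):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self.clock = clock  # injectable so the window can be tested without waiting
        self._entries = {}  # client address -> (failure count, window expiry time)

    def _current(self, addr):
        """Return the live failure count for addr, dropping an expired window."""
        entry = self._entries.get(addr)
        if entry is None:
            return 0
        count, expires_at = entry
        if self.clock() >= expires_at:
            del self._entries[addr]
            return 0
        return count

    def is_locked(self, addr):
        return self._current(addr) >= self.max_failures

    def record_failure(self, addr):
        """Count one failure; the window starts at the first failure and is not extended."""
        count = self._current(addr)
        if count == 0:
            expires_at = self.clock() + self.window_seconds
        else:
            expires_at = self._entries[addr][1]
        self._entries[addr] = (count + 1, expires_at)
        return count + 1


def attempt(lockout, addr, token, valid_tokens):
    """Same order as the answer: refuse locked-out clients before checking the token."""
    if lockout.is_locked(addr):
        return "locked"
    if token in valid_tokens:
        return "ok"
    lockout.record_failure(addr)
    return "failed"
```

In a multi-process deployment the dictionary would be replaced by a shared cache with an atomic increment, so that concurrent failures from one address are not lost between the read and the write.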