Django app protection against brute force attacks

Good evening,

I have been studying the Django built-in user auth system over the last few days. The official documentation states:

django user auth doc

"That’s the basic authentication backend that checks the Django users database and queries the built-in permissions. It does not provide protection against brute force attacks via any rate limiting mechanism. You may either implement your own rate limiting mechanism in a custom auth backend, or use the mechanisms provided by most Web servers."

The Django REST framework module offers the possibility to use the included throttling options to mitigate this.

When not using DRF, it appears to me there is no such built-in throttling control included in raw Django projects. I have found several packages offering to do this, but they are not officially supported.

I would love to know if PythonAnywhere is implementing any default mechanism to address this? Or if it is possible to customize it somehow?

Regards

The Django rate limit package provides that functionality. It is not something that we can implement for you since there are so many different scenarios that could arise that a single solution will not work.

It makes sense,

Thank you for your help!
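
One way to build the "own rate limiting mechanism" that the quoted documentation mentions, as an added example that is not part of the thread and is not Django's or PythonAnywhere's code. `LoginThrottle`, `attempt_login` and the `check_password` callable are hypothetical names, and the counters are assumed to live in process memory.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window limiter for failed logins, keyed by username and by IP."""

    def __init__(self, max_failures=5, window=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window                 # seconds
        self.clock = clock                   # injectable so tests control time
        self._failures = defaultdict(deque)  # key -> timestamps of failures

    def _keys(self, username, ip):
        # Two counters: one account targeted from many IPs, and one IP
        # trying many accounts. Usernames are normalised to share a counter.
        return ("user", username.strip().lower()), ("ip", ip)

    def _prune(self, key, now):
        q = self._failures[key]
        while q and now - q[0] >= self.window:
            q.popleft()                      # drop failures older than the window
        return q

    def is_blocked(self, username, ip):
        now = self.clock()
        return any(len(self._prune(k, now)) >= self.max_failures
                   for k in self._keys(username, ip))

    def record_failure(self, username, ip):
        now = self.clock()
        for k in self._keys(username, ip):
            self._prune(k, now).append(now)

    def record_success(self, username, ip):
        # Clear only the account counter. The IP counter ages out by itself,
        # so one valid login cannot reset a client that is guessing widely.
        self._failures.pop(("user", username.strip().lower()), None)


def attempt_login(throttle, check_password, username, password, ip):
    """Return 'blocked', 'ok' or 'denied'. check_password is a hypothetical
    callable standing in for the real credential check."""
    if throttle.is_blocked(username, ip):
        return "blocked"                     # refuse before checking the password
    if check_password(username, password):
        throttle.record_success(username, ip)
        return "ok"
    throttle.record_failure(username, ip)
    return "denied"
```

With several worker processes each one keeps its own counters, so a deployment would hold them in a shared store instead. Per-username blocking also lets a third party lock an account out for the length of the window, which is the trade-off to weigh when choosing `max_failures` and `window`.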