httpBL Middleware for Django

Inspired by Project Honeypot and the http:BL WordPress Plugin, I decided to write a similar plugin for Django. The Http:BL API is well documented here and there are implementations for Joomla, Drupal and numerous others.

As my framework of choice is Django, we’ll focus on that.

To beign, you’ll need to request your http:BL API Access Key here. It is also suggested, but not required, that you configure your QuickLink (more on this below).

Now, in your settings.py you’ll want to add your http:BL API Key ‘HTTPBLKEY’.
HTTPBLKEY = 'opqrstuvwxyz'

Next you’ll need to include your httpbl middleware in MIDDLEWARE_CLASSES
MIDDLEWARE_CLASSES = ( .... 'projectname.middleware.httpbl.HttpBLMiddleware', .... )

You’ll want to place the middleware file, named httpbl.py in your project/middleware directory. If this does not exist, you will need to create it and place an empty __init__.py file in it.

project/middleware/httpbl.py(download)
from django.conf import settings from django.http import HttpResponseNotFound, HttpResponsePermanentRedirect import socket class HttpBLMiddleware(object): """ "HttpBL" Middleware by iamtgc@gmail.com """ def __init__(self, age=None, threat=None, classification=None): if age is None: self.age = getattr(settings, 'HTTPBLAGE', 14) else: self.age = age if threat is None: self.threat = getattr(settings, 'HTTPBLTHREAT', 30) else: self.threat = threat if classification is None: self.classification = getattr(settings, 'HTTPBLCLASS', 7) else: self.classification = classification def process_request(self, request): if settings.HTTPBLKEY: ip = request.META.get('REMOTE_ADDR') iplist = ip.split('.') iplist.reverse() domain = 'dnsbl.httpbl.org' query = settings.HTTPBLKEY + "." + ".".join(iplist) + "." + domain try: result = socket.gethostbyname(query) except socket.gaierror: return None resultlist = result.split('.') if (int(resultlist[1]) <= self.age and int(resultlist[2]) >= self.threat and int(resultlist[3]) & self.classification > 0): if settings.HTTPBLREDIRECT: return HttpResponsePermanentRedirect(settings.HTTPBLREDIRECT) else: return HttpResponseNotFound('<h1>Not Found</h1>') return None

This should be all you need to be on your way and protecting your Django site from suspicious hosts, email harvesters, and comment spammers. But who am I to tell you what your settings should be? Here are the additional settings you can define in settings.py. The octets that these variables correspond with are fully documented in Http:BL API Specification – Query Responses.
# HTTBLAGE - represents the number of days since activity was seen on the Honey Pot network. Defaults to 14 HTTPBLAGE = 14 # HTTPBLTHREAT = threat score assigned by Project Honey Pot, higher number is more of a threat. Defaults to 30 HTTPBLTHREAT = 30 # HTTPBLCLASS = bitset category, see API doc for more details. Defaults to 7 = Suspicious & Harvester & Comment Spammer HTTPBLCLASS = 7

As mentioned above, it is suggested that you configure a QuickLink. If configured, you should set HTTPBLREDIRECT to your QuickLink URL to redirect any “bad” traffic away from your site and into a honeypot. Again, this would be defined in settings.py.
# HTTPBLREDIRECT = QuickLink Honey Pot URL that we direct the bad traffic to. Default = "Not Found" response, no redirection. HTTPBLREDIRECT = 'http://some.honeypot.url/goes/here'