httpBL Middleware for Django

Posted on February 11, 2008 by tgc

Inspired by Project Honeypot and the http:BL WordPress Plugin, I decided to write a similar plugin for Django. The Http:BL API is well documented here and there are implementations for Joomla, Drupal and numerous others.

As my framework of choice is Django, we’ll focus on that.

To beign, you’ll need to request your http:BL API Access Key here. It is also suggested, but not required, that you configure your QuickLink (more on this below).

Now, in your settings.py you’ll want to add your http:BL API Key ‘HTTPBLKEY’.

HTTPBLKEY = 'opqrstuvwxyz'

Next you’ll need to include your httpbl middleware in MIDDLEWARE_CLASSES

MIDDLEWARE_CLASSES = (
    ....
    'projectname.middleware.httpbl.HttpBLMiddleware',
    ....
)

You’ll want to place the middleware file, named httpbl.py in your project/middleware directory. If this does not exist, you will need to create it and place an empty __init__.py file in it.

project/middleware/httpbl.py(download)

from django.conf import settings
from django.http import HttpResponseNotFound, HttpResponsePermanentRedirect
import socket

class HttpBLMiddleware(object):
   """
   "HttpBL" Middleware by iamtgc@gmail.com
   """
   def __init__(self, age=None, threat=None, classification=None):
      if age is None:
         self.age = getattr(settings, 'HTTPBLAGE', 14)
      else:
         self.age = age
      if threat is None:
         self.threat = getattr(settings, 'HTTPBLTHREAT', 30)
      else:
         self.threat = threat
      if classification is None:
         self.classification = getattr(settings, 'HTTPBLCLASS', 7)
      else:
         self.classification = classification

   def process_request(self, request):

      if settings.HTTPBLKEY:
         ip = request.META.get('REMOTE_ADDR')
         iplist = ip.split('.')
         iplist.reverse()

         domain = 'dnsbl.httpbl.org'

         query = settings.HTTPBLKEY + "." + ".".join(iplist) + "." + domain

         try:
            result = socket.gethostbyname(query)
         except socket.gaierror:
            return None

         resultlist = result.split('.')

         if (int(resultlist[1]) <= self.age and int(resultlist[2]) >= self.threat and int(resultlist[3]) & self.classification > 0):
            if settings.HTTPBLREDIRECT:
               return HttpResponsePermanentRedirect(settings.HTTPBLREDIRECT)
            else:
               return HttpResponseNotFound('

Not Found


')

      return None

This should be all you need to be on your way and protecting your Django site from suspicious hosts, email harvesters, and comment spammers. But who am I to tell you what your settings should be? Here are the additional settings you can define in settings.py. The octets that these variables correspond with are fully documented in Http:BL API Specification – Query Responses.

# HTTBLAGE - represents the number of days since activity was seen on the Honey Pot network.  Defaults to 14
HTTPBLAGE = 14
# HTTPBLTHREAT = threat score assigned by Project Honey Pot, higher number is more of a threat.  Defaults to 30
HTTPBLTHREAT = 30
# HTTPBLCLASS = bitset category, see API doc for more details.  Defaults to 7 = Suspicious & Harvester & Comment Spammer
HTTPBLCLASS = 7

As mentioned above, it is suggested that you configure a QuickLink. If configured, you should set HTTPBLREDIRECT to your QuickLink URL to redirect any “bad” traffic away from your site and into a honeypot. Again, this would be defined in settings.py.

# HTTPBLREDIRECT = QuickLink Honey Pot URL that we direct the bad traffic to.  Default = "Not Found" response, no redirection.
HTTPBLREDIRECT = 'http://some.honeypot.url/goes/here'
This entry was posted in Announcements, Django. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>