Home>

Thank you. Introduced django-axes. It will be implemented in win10 local environment.

For example, suppose you create the following user.
[email protected]
[email protected]
[email protected]

If [email protected] exceeds the number of attempts
[email protected] or
[email protected] can no longer log in, and the screen transitions to lock template.html.

If [email protected] exceeds the number of attempts
How can I set only [email protected] to lock?

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    # Axes app can be in any position in the INSTALLED_APPS list.
    'axes',
]

AUTHENTICATION_BACKENDS = [
    # AxesBackend should be the first backend in the AUTHENTICATION_BACKENDS list.
    'axes.backends.AxesBackend',
    # Django ModelBackend is the default authentication backend.
    'django.contrib.auth.backends.ModelBackend',
]
MIDDLEWARE = ​​[
    # The following is the list of default middleware in new Django projects.
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # AxesMiddleware should be the last middleware in the MIDDLEWARE list.
    # It only formats user lockout messages and renders Axes lockout responses
    # on failed user authentication attempts from login views.
    # If i do not want Axes to override the authentication response
    # you can skip installing the middleware and use your own views.
    'axes.middleware.AxesMiddleware',
]

Run and check configuration python manage.py check
Run and sync database python manage.py migrate

The above has been done. If i cancel, you can confirm that you can log in normally.

The cache settings are as follows. For the introduction of axes in a test environment,
With IP at 127.0.0.1
Even user1
Even user2
Even user3
Does that mean you can't log in at all?

Perform an IP check for users who have exceeded the number of password entry trials and disable login for the corresponding IP (127.0.0.1). Furthermore, does it mean that logins with different user names are being rejected on the same IP?

CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
    },
    'axes_cache': {
        'BACKEND': 'django.core.cache.backends.dummy.DummyCache',
    }
}
AXES_CACHE = 'axes'
AXES_FAILURE_LIMIT = 5
AXES_LOCKOUT_TEMPLATE = 'locked.html'
AXES_COOLOFF_TIME = 24
AXES_LOGGER = 'custom_logger'

Head family
https://django-axes.readthedocs.io/en/latest/3_usage.html

Reference URL
https://medium.com/creditengine-tech/django-axes%E3%81%A7%E3%82%A2%E3%82%AB%E3%82%A6%E3%83%B3%E3%83% 88% E3% 83% AD% E3% 83% 83% E3% 82% AF% E6% A9% 9F% E8% 83% BD% E4% BB% 98% E3% 81% 8Ddjango% E3% 82% A2% E3% 83% 97% E3% 83% AA% E3% 82% 92% E9% 96% 8B% E7% 99% BA% E3% 81% 99% E3% 82% 8B-e5414cc674e0

  • Answer # 1

    django-axes is locked by IP address by default, so if the same IP as the questioner says, if one user is locked, other users will not be able to log in.
    You can switch to locking by username by addingAXES_ONLY_USER_FAILURES = Trueto settings.py.

    Reference
    https://django-axes.readthedocs.io/en/latest/4_configuration.html

Related articles