Django 限制 admin 后台IP访问权限

 

一. 创建 py 文件(如 apps/admin_secure.py,需与下文 MIDDLEWARE 中配置的路径一致),配置后台管理的路径,以及允许访问后台的公网 IP

import ipaddress
from django.http.response import HttpResponseForbidden


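class AdminSecureMiddleware(object):
    """Return 403 for admin-site requests whose peer address is not allow-listed.

    The address check runs *before* the request is handed to the rest of the
    stack, so a rejected client never reaches the admin views (no login
    attempt, no POST side effects). Requests outside ``admin_url`` pass
    through untouched.

    The check uses ``REMOTE_ADDR``, i.e. the direct TCP peer. Behind a reverse
    proxy or load balancer that value is the proxy's address, not the
    client's; in such a deployment enforce the allowlist at the proxy, or
    derive the client address only from a header that the trusted proxy sets
    and overwrites. This allowlist is an additional layer on top of admin
    authentication, not a substitute for it.
    """

    # URL prefix of the admin site to protect. Matching is a plain prefix
    # test, so '/administrator' would be covered as well.
    admin_url = '/admin'
    allow_networks = [
        # Redacted placeholder from the article: replace it with a real public
        # address or CIDR block before use (ip_network() raises ValueError on
        # the literal as written).
        ipaddress.ip_network('41.xx.xx.xx'),
        # ipaddress.ip_network('3x.xxx.xx.xx'),     # add one entry per extra IP / network
    ]
    # Legacy cache used only by get_allow_addresses(); the request path no
    # longer depends on it.
    allow_addresses = []

    @classmethod
    def get_allow_addresses(cls):
        """Return every individual address contained in ``allow_networks``.

        Kept for backward compatibility. The list is built once and cached on
        the class. It enumerates each network address by address, so it is
        only practical for small networks; ``__call__`` uses a network
        containment test instead.
        """
        if cls.allow_addresses:
            return cls.allow_addresses
        for network in cls.allow_networks:
            cls.allow_addresses.extend(network)
        return cls.allow_addresses

    @classmethod
    def _is_allowed(cls, raw_addr):
        """Return True if ``raw_addr`` parses as an IP inside an allowed network.

        A missing or unparseable address (for example an empty REMOTE_ADDR
        when serving over a unix socket) is treated as not allowed, so the
        check fails closed instead of raising.
        """
        try:
            ip_addr = ipaddress.ip_address(raw_addr)
        except ValueError:
            return False
        # Containment test per network: constant work per entry, no need to
        # expand a network into a list of all its addresses.
        return any(ip_addr in network for network in cls.allow_networks)

    def __init__(self, get_response):
        """Store the next handler in the middleware chain."""
        self.get_response = get_response

    def __call__(self, request):
        """Reject disallowed admin requests, otherwise continue the chain."""
        if request.path.startswith(self.admin_url):
            # Decide before calling get_response(): calling it first would
            # execute the admin view and only hide its response afterwards.
            if not self._is_allowed(request.META.get('REMOTE_ADDR')):
                return HttpResponseForbidden()
        return self.get_response(request)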

 

二. settings.py 中配置中间件

# Django applies middleware in list order on the way in and in reverse order
# on the way out; order is significant, so entries are not rearranged here.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # Dotted path to the admin IP allowlist middleware (module apps/admin_secure.py).
    # NOTE(review): listed last, it is the innermost layer, so session and
    # auth middleware handle the request before the IP check sees it.
    # Consider listing it earlier if disallowed clients should be turned
    # away before that processing; confirm against the middleware's logic.
    'apps.admin_secure.AdminSecureMiddleware',  # configure the module path here
]

 
