Django 限制 admin 后台IP访问权限
一. 创建py文件(如 apps/admin_secure.py,须与下文 settings.py 中配置的中间件路径一致),配置后台管理的路径,及可访问后台的公网IP
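import ipaddress
import logging

from django.http.response import HttpResponseForbidden

logger = logging.getLogger(__name__)


class AdminSecureMiddleware(object):
    """Return 403 for admin URLs unless the client IP is allow-listed.

    The check runs before the rest of the middleware chain and the view are
    invoked, so a request from a disallowed address never reaches the admin
    views. It is an extra network-level filter in front of the admin login,
    not a replacement for it.

    Class attributes:
        admin_url: Path prefix to protect. Matching uses ``str.startswith``,
            so ``'/admin'`` also covers paths such as ``/administrator``.
        allow_networks: Networks or single addresses allowed to reach
            ``admin_url``.
        allow_addresses: Expanded address list filled lazily by
            ``get_allow_addresses``; kept for existing callers.
    """

    admin_url = '/admin'  # path prefix of the admin site to restrict
    allow_networks = [
        # Redacted placeholder from the article: replace it with a real
        # address or CIDR before use, because ip_network() raises ValueError
        # on this literal when the module is imported.
        ipaddress.ip_network('41.xx.xx.xx'),
        # ipaddress.ip_network('3x.xxx.xx.xx'),  # add one entry per extra IP
    ]
    allow_addresses = []

    @classmethod
    def get_allow_addresses(cls):
        """Return every individual address contained in ``allow_networks``.

        The list is built on the first call and cached on the class. It
        holds one object per address, so a wide CIDR block makes it very
        large; ``__call__`` tests network membership instead and does not
        call this method.
        """
        if not cls.allow_addresses:
            for network in cls.allow_networks:
                cls.allow_addresses.extend(network)
        return cls.allow_addresses

    @classmethod
    def _is_allowed(cls, raw_addr):
        """Return True when ``raw_addr`` parses as an allow-listed IP address."""
        try:
            client = ipaddress.ip_address(raw_addr)
        except ValueError:
            # Missing or malformed REMOTE_ADDR: fail closed.
            return False
        if any(client in network for network in cls.allow_networks):
            return True
        # Honour addresses placed directly in allow_addresses, which the
        # list-based lookup used before also accepted.
        return client in cls.allow_addresses

    def __init__(self, get_response):
        """Store the next handler in the middleware chain."""
        self.get_response = get_response

    def __call__(self, request):
        """Reject disallowed clients on admin paths, else pass the request on.

        REMOTE_ADDR is the address of the directly connected peer. Behind a
        reverse proxy or load balancer that peer is the proxy itself, so the
        allow-list then has to be enforced at the proxy, or the client
        address taken from a header that the proxy is known to overwrite.
        """
        if request.path.startswith(self.admin_url):
            remote_addr = request.META.get('REMOTE_ADDR')
            if not self._is_allowed(remote_addr):
                # %r escapes control characters in client-supplied values.
                logger.warning(
                    'admin access denied: remote_addr=%r path=%r',
                    remote_addr,
                    request.path,
                )
                return HttpResponseForbidden()
        return self.get_response(request)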
二. settings.py 中配置中间件
# Middleware stack from settings.py. Django applies these top-down on the
# request and bottom-up on the response.
# NOTE(review): the IP filter is listed last, so the session, CSRF and auth
# middleware above it process a request before the filter sees it. Consider
# listing it earlier so disallowed clients are rejected sooner (confirm that
# nothing it relies on has to run first).
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'apps.admin_secure.AdminSecureMiddleware',  # dotted path to the middleware class created in step one
]