Fail2ban is an intrusion prevention software framework. It’s a helpful utility designed more to protect SSH or shell access to Linux servers. But I was wondering if there is a similar way to restrict web visitors from attempting to brute force their way through Django’s suite of django.contrib.auth.mixins.LoginRequiredMixin or the official django.contrib.auth.model’s builtin libraries which are smart enough to detect and handle malicious actors.
In the official Django doc on security precautions, it says:
Django does not throttle requests to authenticate users. To protect against brute-force attacks against the authentication system, you may consider deploying a Django plugin or web server module to throttle these requests.
I Googled ‘django throttling’ which turned up a single alpha-quality plugin with a GitHub repo whose most recent commit is August 2013: GitHub - night-crawler/django-throttling: A simple django throttling app
When I visit PyPI.org and search ‘django throttling’ (and order by recently updated), none seem relevant to my endeavour to locate a brute-force prevention app.
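
As an added example (not part of the original post and not Django's own code), here is a Fail2ban-style limiter for failed logins: `maxretry` failures inside `findtime` seconds ban the (username, address) pair for `bantime` seconds. The class and function names are hypothetical, state is held in process memory only, and `check_password` stands in for the real credential check, which in a Django view would be the call to `authenticate()`.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Fail2ban-style limiter: maxretry failures within findtime => ban for bantime."""

    def __init__(self, maxretry=5, findtime=600, bantime=900, clock=time.monotonic):
        self.maxretry, self.findtime, self.bantime = maxretry, findtime, bantime
        self.clock = clock                    # injectable so tests can control time
        self._failures = defaultdict(deque)   # key -> timestamps of recent failures
        self._banned_until = {}               # key -> time at which the ban expires

    @staticmethod
    def key(username, ip):
        # Track the (account, source address) pair so one noisy address
        # cannot lock the real owner out from every other address.
        return (username.strip().lower(), ip)

    def retry_after(self, key):
        """Seconds the caller must still wait; 0 means the attempt may proceed."""
        return max(0, self._banned_until.get(key, 0) - self.clock())

    def record_failure(self, key):
        now = self.clock()
        hits = self._failures[key]
        hits.append(now)
        while hits and hits[0] <= now - self.findtime:
            hits.popleft()                    # forget failures older than findtime
        if len(hits) >= self.maxretry:
            self._banned_until[key] = now + self.bantime
            hits.clear()

    def record_success(self, key):
        self._failures.pop(key, None)         # a good login resets the counter


def attempt_login(throttle, check_password, username, password, ip):
    """Return 'ok', 'denied' or 'throttled'; check_password is the real verifier."""
    key = throttle.key(username, ip)
    if throttle.retry_after(key) > 0:
        return "throttled"   # while banned, the password is not evaluated at all
    if check_password(username, password):
        throttle.record_success(key)
        return "ok"
    throttle.record_failure(key)
    return "denied"
```

With more than one worker process the counters would have to live in a shared store, otherwise each process keeps its own tally.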