Does your django-site records 'failed access attempts" 🤷
if no, then this blog is for you and your django site..
In this blog, we will see a "django package" that will track the "failed access attempts" for site.
Let's start! 🚀
📦 Package - "django-axes"
What is "django-axes" 🤷
Axes is a Django package to track suspicious login attempts for your Django based website and implementing brute-force attack blocking.
Python - v3.6 and above
pip install django-axes
Add axes to your installed apps in settings.py
INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', ... 'axes', ]
Add AxesBackend to the top of AUTHENTICATION_BACKENDS:
AUTHENTICATION_BACKENDS = [ 'axes.backends.AxesBackend', 'django.contrib.auth.backends.ModelBackend', ]
Add AxesMiddleware to your middleware
MIDDLEWARE = [
Then, run this command to check the configuration.
python manage.py check
Aaaand, last one.
python manage.py migrate
to sync 🔄 the database.
Now go to your admin panel and you'll see two sections,
Access attempts and Access logs
Now, Axes is functional with the default settings and is saving user attempts into your database and locking users out if they exceed the maximum attempts.
There are couple of things you can do while testing.