settings.py 中引入这个中间件:

C:\Users\yys53\OneDrive\python\blog\blog\settings.py

MIDDLEWARE = [
    'blog.middleware.TestMiddleware'
]

 

1.使用固定ip禁止

在settings.py目录下新建一个 middleware.py 文件 

\blog\blog\middleware.py

from django.http import HttpResponse
from django.utils.deprecation import MiddlewareMixin    # 1.10.x

class TestMiddleware(MiddlewareMixin):
    def process_view(self,request,view_func,*view_args,**view_kwargs):
        EXCLUDE_IPS = ['192.168.31.1']
        if 'HTTP_X_FORWARDED_FOR' in  request.META:
            ip =  request.META['HTTP_X_FORWARDED_FOR']
        else:
            ip = request.META['REMOTE_ADDR']
        if ip in EXCLUDE_IPS:
            return HttpResponse('<h1>您的ip被禁止</h1>')

其中,关于自定义中间件的函数名称例如 process_view() ,还有其它的例如 _init_ 之类在文档中有具体解释,这里只用到这个。然后在 这个禁止得到ip

2.自动获取ip来禁止

可以自动获取一些危险ip保存数据库

\python\blog\home\models.py

class ProhibitIP(models.Model):
    ip = models.CharField(max_length=20, blank=True)
    date = models.DateField(auto_now_add=True)
    class Meta:
        db_table = 'ProhibitIP'
        verbose_name = '禁止的ip'
        verbose_name_plural = verbose_name

做了稍微修改,读取数据库的ip,如果存在数据库就禁止

\blog\blog\middleware.py 

from django.http import HttpResponse
from django.utils.deprecation import MiddlewareMixin    # 1.10.x
from home.models import ProhibitIP

class TestMiddleware(MiddlewareMixin):
    def process_view(self, request, view_func, *view_args, **view_kwargs):

        # EXCLUDE_IPS = ['171.9.198.193']
        # print(EXCLUDE_IPS)
        if 'HTTP_X_FORWARDED_FOR' in request.META:
            ip = request.META['HTTP_X_FORWARDED_FOR']
        else:
            ip = request.META['REMOTE_ADDR']
        ip = ProhibitIP.objects.filter(ip=ip)
        # print(ip)
        if ip:
            return HttpResponse('<h1>很遗憾,您的ip被永久禁止,如有误操作联系邮箱534640040@qq.com</h1>')