Introducing Masonite Security

Emily Techscribe

Enhancing Security in Masonite Apps: Introducing Masonite Security

In today’s digital landscape, application security is of utmost importance. With the growing number of cyber threats, it’s crucial to protect your web applications from spamming bots, IP attacks, and SQL injections. That’s where Masonite Security comes in. This article will introduce you to Masonite Security and its features, explain how to install and configure it, and discuss its benefits for your Masonite apps.

Features

Masonite Security offers a range of features to secure your Masonite apps. Here are some of the key features:

  • Block IPs: Masonite Security allows you to block specific IP addresses from accessing your app, preventing malicious activities originating from those IPs.
  • Block Bots: With Masonite Security, you can block bots and automated scripts that attempt to manipulate or exploit your app.
  • Throttle Requests: The Throttle Requests feature helps prevent abusive usage of your app by limiting the number of requests from a single IP within a specified time period.
  • Block SQL Injections (Coming Soon): The Masonite Security team is continuously working to enhance the package, and the upcoming release will include the ability to block SQL injections, adding an extra layer of security.

Installation

To start securing your Masonite apps with Masonite Security, you need to install the package. Simply run the following command:

bash
pip install masonite-security

Configuration

After installation, you need to configure Masonite Security in your project. Follow these steps:

  1. Add the SecurityProvider to your project’s config/providers.py file:

python
# config/providers.py
# ...
from security import SecurityProvider

# ...
PROVIDERS = [
    # ...
    # Third Party Providers
    SecurityProvider,
    # ...
]
  2. Publish the package resources by running the following command:

bash
python craft package:publish security

Register Middleware

You can set up the security middleware globally or on a per-route basis.

Global Setup:

To set up the security middleware globally, open the Kernel.py file in your project and add SecurityMiddleware to the “web” list in the “route_middleware” section:

python
route_middleware = {
    "web": [SessionMiddleware, LoadUserMiddleware, VerifyCsrfToken, SecurityMiddleware],
    "auth": [AuthenticationMiddleware],
}

Per Route Setup:

To set up the security middleware per route, add the protect middleware to specific routes in your routes/web.py file:

python
Route.get("/", "WelcomeController@show").middleware("protect")

Configure Security

To customize the security settings, update your config/security.py file based on your requirements. Here are some key configuration options:

  • BLOCK_IP: Set this to True to enable IP blocking.
  • BLOCK_BOTS: Set this to True to enable blocking of bots.
  • THROTTLE_REQUESTS: Set this to True to enable request throttling.
  • MAX_REQUESTS: Specify the maximum number of requests allowed per IP (default: 20).
  • IP_BLOCK_DURATION: Specify the duration (in seconds) for which the blocked IP remains blocked (default: 60).
  • BLOCKED_IPS: Add specific IP addresses to block.
  • BLOCKED_BOTS: Add specific bot agent names to block.
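
To reason about how these options interact before enabling them, the following added sketch models the checks in plain Python. It is not code from Masonite Security: the RequestGate class, the order of the checks, the substring match on the user agent and the WINDOW_SECONDS counting window are assumptions, since the page does not describe them.

```python
import time
from dataclasses import dataclass, field

@dataclass
class SecurityConfig:  # option names and defaults from the list above
    BLOCK_IP: bool = True
    BLOCK_BOTS: bool = True
    THROTTLE_REQUESTS: bool = True
    MAX_REQUESTS: int = 20
    IP_BLOCK_DURATION: int = 60   # seconds
    BLOCKED_IPS: list = field(default_factory=list)
    BLOCKED_BOTS: list = field(default_factory=list)
    WINDOW_SECONDS: int = 60      # hypothetical: the counting window is not stated on the page

class RequestGate:
    """Hypothetical model of the checks; not the package's middleware."""
    def __init__(self, cfg):
        self.cfg = cfg
        self.windows = {}         # ip -> (window start, request count)
        self.blocked_until = {}   # ip -> time the temporary block ends

    def check(self, ip, user_agent, now=None):
        # `ip` must be the real client address, not the address of a proxy in front of the app.
        cfg = self.cfg
        now = time.monotonic() if now is None else now
        if cfg.BLOCK_IP and ip in cfg.BLOCKED_IPS:
            return "blocked_ip"
        agent = (user_agent or "").lower()
        if cfg.BLOCK_BOTS and any(b and b.lower() in agent for b in cfg.BLOCKED_BOTS):
            return "blocked_bot"
        if not cfg.THROTTLE_REQUESTS:
            return "allow"
        if self.blocked_until.get(ip, float("-inf")) > now:
            return "throttled"                 # still inside IP_BLOCK_DURATION
        start, count = self.windows.get(ip, (now, 0))
        if now - start >= cfg.WINDOW_SECONDS:
            start, count = now, 0              # start a new counting window
        self.windows[ip] = (start, count + 1)
        if count + 1 > cfg.MAX_REQUESTS:
            self.blocked_until[ip] = now + cfg.IP_BLOCK_DURATION
            del self.windows[ip]
            return "throttled"
        return "allow"

def demo():
    # Constructed traffic: one client, MAX_REQUESTS lowered to 3, timestamps in seconds.
    gate = RequestGate(SecurityConfig(MAX_REQUESTS=3))
    ip, ua = "198.51.100.5", "Mozilla/5.0"
    return [gate.check(ip, ua, now=t) for t in (0, 1, 2, 3, 62, 64)]
```

In the demo the fourth request trips the limit at t=3, so the client stays throttled until t=63 and is allowed again at t=64.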

Contributing

If you are interested in contributing to Masonite Security, please refer to the Contributing Documentation for guidelines and instructions.

Maintainers

The Masonite Security package is maintained by Yubaraj Shrestha. Reach out to him for any queries or support.

License

Masonite Security is open-sourced software licensed under the MIT license.

With Masonite Security, you can enhance the security of your Masonite apps and protect them from spamming bots and IP attacks, with SQL injection blocking planned for an upcoming release. Install Masonite Security today and enjoy the peace of mind that comes with robust application security.

“Security is not a product, but a process” – Bruce Schneier
