Just my blog

Blog about everything, mostly about tech stuff I made. Here is the list of stuff I'm using at my blog. Feel free to ask me about implementations.

Soft I recommend
Py lib I recommend

I'm using these libraries so you can ask me about them.

Django middleware for the rescue!

Now I can save visitors locally without external tools and also track a bad acting requests.

Finally, I can have a better working middleware which can catch HTTP status errors, make a redirect-response to the main page and also save a visitor.

Now I can also catch HTTP status codes in the database to see what a bad actor wants to achieve.

Thanks to: LINK

I can now save site visits without external analytics and save a bad example to later expose them in a fancy table.

Only I need to mask IP addresses before I show requests and paths to the public.

TBH I also need to add some load balancing.

    def __call__(self, request: HttpRequest) -> typing.Optional[HttpResponse]:
        Check request for validity here and response with correct answers.
        Use bad codes when needed.
        Save visitor now with status code relation.
        :param request:
            response = self.get_response(request)
        except SuspiciousOperation as e:
            save_visit_task(request, status='SUS')
            return HttpResponseForbidden('CSRF verification failed.')
        except Exception as e:
            log.error(f"General …


I finally made the comments at this site.

Please use the comments form below any post.
Or leave feedback on the Feedback page if you want to ask a general question.

I use Disqus for comments, you might need to clear your cookies at this site if Disqus fails to load properly.

UPD: Also, I'm saving a lot of data for each HTTP request to get a list of the most common URLs and POST\GET arguments.
It's interesting to see some "smartass" XSS scripts targeting WordPress admin or plugins.


Soon I'll create a view at this site with the TOP list of such kinds of requests.

Interestingly I've updated this module to save just visits counters to be able to see visitors without logging into Google Analytics. I can't use that regularly, because my Pi-Hole cuts it. So, as soon as I manage to add a better sorting in this module, I'll show you this …


Django fast hints

Here some fast hints to remember: Migration:

cd ~/myproject
python manage.py makemigrations
python manage.py migrate

  Alias /static/ "/var/www/smm_tools/site/"  


Django + apache2 + mod_wsgi

This is conf file to allow apache run Django applications.

# Web site at /var/www/smm_tools
# Python scripts at /var/www/smm_tools/smm_py

#LoadModule wsgi_module /usr/lib64/httpd/modules/mod_wsgi.so

<VirtualHost *:80>
    ServerName smm.www.trianglesis.org.ua
    ServerAlias www.smm.www.trianglesis.org.ua
    ServerAdmin it@www.trianglesis.org.ua
    DocumentRoot /var/www/smm_tools/

    ErrorLog "|/usr/sbin/rotatelogs /var/log/smm_tools/cargo.error.%Y-%m-%d.log 86400"
    CustomLog "|/usr/sbin/rotatelogs /var/log/smm_tools/cargo.access.%Y-%m-%d.log 86400" combined
    ServerSignature On

    Alias /css/         "/var/www/smm_tools/site/css"
    Alias /js/          "/var/www/smm_tools/site/js/"
    Alias /templates/   "var/www/smm_tools/site/templates/"
    Alias /fonts/       "/var/www/smm_tools/fonts/"

    #WSGIScriptAlias / /var/www/smm_tools/smm_tools.wsgi
    #WSGIPythonPath /var/www/smm_tools

    <Directory /var/www/smm_tools/smm_py/smm_py>
        <Files wsgi.py>
            Require all granted
    WSGIDaemonProcess smm_tools python-path=/var/www/smm_tools/smm_py:/usr/local/lib/python3.4/site-packages/
    WSGIProcessGroup smm_tools
    WSGIScriptAlias / /var/www/smm_tools/smm_py/smm_py/wsgi.py


Use these links:

  • https://www.digitalocean.com/community/tutorials/how-to-run-django-with-mod_wsgi-and-apache-with-a-virtualenv-python-environment-on-a-debian-vps
  • https://www.digitalocean.com/community/tutorials/how-to-serve-django-applications-with-apache-and-mod_wsgi-on-ubuntu-14-04
  • https://docs.djangoproject.com/en/1.8/howto/deployment/wsgi/

Don't forget to use correct IPs - domains, and addresses. Especially if proxy pass is used.