aiwaf 0.1.7.7__tar.gz → 0.1.8.1__tar.gz

{aiwaf-0.1.7.7/aiwaf.egg-info → aiwaf-0.1.8.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aiwaf
-Version: 0.1.7.7
+Version: 0.1.8.1
 Summary: AI-powered Web Application Firewall
 Home-page: https://github.com/aayushgauba/aiwaf
 Author: Aayush Gauba
@@ -9,6 +9,11 @@ License: MIT
 Requires-Python: >=3.8
 Description-Content-Type: text/markdown
 License-File: LICENSE
+Requires-Dist: Django>=3.2
+Requires-Dist: numpy>=1.21
+Requires-Dist: pandas>=1.3
+Requires-Dist: scikit-learn>=1.0
+Requires-Dist: joblib>=1.1
 Dynamic: author
 Dynamic: home-page
 Dynamic: license-file
@@ -72,19 +77,58 @@ aiwaf/
 - **File‑Extension Probing Detection**  
   Tracks repeated 404s on common extensions (e.g. `.php`, `.asp`) and blocks IPs.
 
-- **Honeypot Field**  
-  Hidden field for bot detection → IP blacklisted on fill.
+- **Timing-Based Honeypot**  
+  Tracks GET→POST timing patterns. Blocks IPs that:
+  - POST directly without a preceding GET request
+  - Submit forms faster than `AIWAF_MIN_FORM_TIME` seconds (default: 1 second)
 
 - **UUID Tampering Protection**  
   Blocks guessed or invalid UUIDs that don’t resolve to real models.
 
-- **Exempt Path Awareness**  
-  Fully respects `AIWAF_EXEMPT_PATHS` across all modules — exempt paths are:
+
+**Exempt Path & IP Awareness**
+
+**Exempt Paths:**
+Set `AIWAF_EXEMPT_PATHS` in your Django `settings.py` (not in your code). Fully respects this setting across all modules — exempt paths are:
   - Skipped from keyword learning
   - Immune to AI blocking
   - Ignored in log training
   - Cleaned from `DynamicKeyword` model automatically
 
+**Exempt IPs:**
+You can exempt specific IP addresses from all blocking and blacklisting logic. Exempted IPs will:
+  - Never be added to the blacklist (even if they trigger rules)
+  - Be automatically removed from the blacklist during retraining
+  - Bypass all block/deny logic in middleware
+
+### Managing Exempt IPs
+
+Add an IP to the exemption list using the management command:
+
+```bash
+python manage.py add_ipexemption <ip-address> --reason "optional reason"
+```
+
+### Resetting AI-WAF
+
+Clear all blacklist and exemption entries:
+
+```bash
+# Clear everything (with confirmation prompt)
+python manage.py aiwaf_reset
+
+# Clear everything without confirmation
+python manage.py aiwaf_reset --confirm
+
+# Clear only blacklist entries
+python manage.py aiwaf_reset --blacklist-only
+
+# Clear only exemption entries  
+python manage.py aiwaf_reset --exemptions-only
+```
+
+This will ensure the IP is never blocked by AI‑WAF. You can also manage exemptions via the Django admin interface.
+
 - **Daily Retraining**  
   Reads rotated logs, auto‑blocks 404 floods, retrains the IsolationForest, updates `model.pkl`, and evolves the keyword DB.
 
@@ -119,13 +163,13 @@ AIWAF_ACCESS_LOG = "/var/log/nginx/access.log"
 
 ```python
 AIWAF_MODEL_PATH         = BASE_DIR / "aiwaf" / "resources" / "model.pkl"
-AIWAF_HONEYPOT_FIELD     = "hp_field"
+AIWAF_MIN_FORM_TIME      = 1.0        # minimum seconds between GET and POST
 AIWAF_RATE_WINDOW        = 10         # seconds
 AIWAF_RATE_MAX           = 20         # max requests per window
 AIWAF_RATE_FLOOD         = 10         # flood threshold
 AIWAF_WINDOW_SECONDS     = 60         # anomaly detection window
 AIWAF_FILE_EXTENSIONS    = [".php", ".asp", ".jsp"]
-AIWAF_EXEMPT_PATHS       = [          # optional but highly recommended
+AIWAF_EXEMPT_PATHS = [          # optional but highly recommended
     "/favicon.ico",
     "/robots.txt",
     "/static/",
@@ -147,7 +191,7 @@ MIDDLEWARE = [
     "aiwaf.middleware.IPAndKeywordBlockMiddleware",
     "aiwaf.middleware.RateLimitMiddleware",
     "aiwaf.middleware.AIAnomalyMiddleware",
-    "aiwaf.middleware.HoneypotMiddleware",
+    "aiwaf.middleware.HoneypotTimingMiddleware",
     "aiwaf.middleware.UUIDTamperMiddleware",
     # ... other middleware ...
 ]
@@ -155,24 +199,7 @@ MIDDLEWARE = [
 
 ---
 
-## 🕵️ Honeypot Field (in your template)
-
-```django
-{% load aiwaf_tags %}
-
-<form method="post">
-  {% csrf_token %}
-  {% honeypot_field %}
-  <!-- your real fields -->
-</form>
-```
-
-> Renders a hidden `<input name="hp_field" style="display:none">`.  
-> Any non‑empty submission → IP blacklisted.
-
----
-
-## 🔁 Running Detection & Training
+##  Running Detection & Training
 
 ```bash
 python manage.py detect_and_train
@@ -195,7 +222,7 @@ python manage.py detect_and_train
 | IPAndKeywordBlockMiddleware        | Blocks requests from known blacklisted IPs and Keywords         |
 | RateLimitMiddleware                | Enforces burst & flood thresholds                               |
 | AIAnomalyMiddleware                | ML‑driven behavior analysis + block on anomaly                  |
-| HoneypotMiddleware                 | Detects bots filling hidden inputs in forms                     |
+| HoneypotTimingMiddleware           | Detects bots via GET→POST timing analysis                       |
 | UUIDTamperMiddleware               | Blocks guessed/nonexistent UUIDs across all models in an app    |
 
 ---

aiwaf-0.1.7.7/PKG-INFO → aiwaf-0.1.8.1/README.md

@@ -1,19 +1,3 @@
-Metadata-Version: 2.4
-Name: aiwaf
-Version: 0.1.7.7
-Summary: AI-powered Web Application Firewall
-Home-page: https://github.com/aayushgauba/aiwaf
-Author: Aayush Gauba
-Author-email: Aayush Gauba <gauba.aayush@gmail.com>
-License: MIT
-Requires-Python: >=3.8
-Description-Content-Type: text/markdown
-License-File: LICENSE
-Dynamic: author
-Dynamic: home-page
-Dynamic: license-file
-Dynamic: requires-python
-
 
 # AI‑WAF
 
@@ -72,19 +56,58 @@ aiwaf/
 - **File‑Extension Probing Detection**  
   Tracks repeated 404s on common extensions (e.g. `.php`, `.asp`) and blocks IPs.
 
-- **Honeypot Field**  
-  Hidden field for bot detection → IP blacklisted on fill.
+- **Timing-Based Honeypot**  
+  Tracks GET→POST timing patterns. Blocks IPs that:
+  - POST directly without a preceding GET request
+  - Submit forms faster than `AIWAF_MIN_FORM_TIME` seconds (default: 1 second)
 
 - **UUID Tampering Protection**  
   Blocks guessed or invalid UUIDs that don’t resolve to real models.
 
-- **Exempt Path Awareness**  
-  Fully respects `AIWAF_EXEMPT_PATHS` across all modules — exempt paths are:
+
+**Exempt Path & IP Awareness**
+
+**Exempt Paths:**
+Set `AIWAF_EXEMPT_PATHS` in your Django `settings.py` (not in your code). Fully respects this setting across all modules — exempt paths are:
   - Skipped from keyword learning
   - Immune to AI blocking
   - Ignored in log training
   - Cleaned from `DynamicKeyword` model automatically
 
+**Exempt IPs:**
+You can exempt specific IP addresses from all blocking and blacklisting logic. Exempted IPs will:
+  - Never be added to the blacklist (even if they trigger rules)
+  - Be automatically removed from the blacklist during retraining
+  - Bypass all block/deny logic in middleware
+
+### Managing Exempt IPs
+
+Add an IP to the exemption list using the management command:
+
+```bash
+python manage.py add_ipexemption <ip-address> --reason "optional reason"
+```
+
+### Resetting AI-WAF
+
+Clear all blacklist and exemption entries:
+
+```bash
+# Clear everything (with confirmation prompt)
+python manage.py aiwaf_reset
+
+# Clear everything without confirmation
+python manage.py aiwaf_reset --confirm
+
+# Clear only blacklist entries
+python manage.py aiwaf_reset --blacklist-only
+
+# Clear only exemption entries  
+python manage.py aiwaf_reset --exemptions-only
+```
+
+This will ensure the IP is never blocked by AI‑WAF. You can also manage exemptions via the Django admin interface.
+
 - **Daily Retraining**  
   Reads rotated logs, auto‑blocks 404 floods, retrains the IsolationForest, updates `model.pkl`, and evolves the keyword DB.
 
@@ -119,13 +142,13 @@ AIWAF_ACCESS_LOG = "/var/log/nginx/access.log"
 
 ```python
 AIWAF_MODEL_PATH         = BASE_DIR / "aiwaf" / "resources" / "model.pkl"
-AIWAF_HONEYPOT_FIELD     = "hp_field"
+AIWAF_MIN_FORM_TIME      = 1.0        # minimum seconds between GET and POST
 AIWAF_RATE_WINDOW        = 10         # seconds
 AIWAF_RATE_MAX           = 20         # max requests per window
 AIWAF_RATE_FLOOD         = 10         # flood threshold
 AIWAF_WINDOW_SECONDS     = 60         # anomaly detection window
 AIWAF_FILE_EXTENSIONS    = [".php", ".asp", ".jsp"]
-AIWAF_EXEMPT_PATHS       = [          # optional but highly recommended
+AIWAF_EXEMPT_PATHS = [          # optional but highly recommended
     "/favicon.ico",
     "/robots.txt",
     "/static/",
@@ -147,7 +170,7 @@ MIDDLEWARE = [
     "aiwaf.middleware.IPAndKeywordBlockMiddleware",
     "aiwaf.middleware.RateLimitMiddleware",
     "aiwaf.middleware.AIAnomalyMiddleware",
-    "aiwaf.middleware.HoneypotMiddleware",
+    "aiwaf.middleware.HoneypotTimingMiddleware",
     "aiwaf.middleware.UUIDTamperMiddleware",
     # ... other middleware ...
 ]
@@ -155,24 +178,7 @@ MIDDLEWARE = [
 
 ---
 
-## 🕵️ Honeypot Field (in your template)
-
-```django
-{% load aiwaf_tags %}
-
-<form method="post">
-  {% csrf_token %}
-  {% honeypot_field %}
-  <!-- your real fields -->
-</form>
-```
-
-> Renders a hidden `<input name="hp_field" style="display:none">`.  
-> Any non‑empty submission → IP blacklisted.
-
----
-
-## 🔁 Running Detection & Training
+##  Running Detection & Training
 
 ```bash
 python manage.py detect_and_train
@@ -195,7 +201,7 @@ python manage.py detect_and_train
 | IPAndKeywordBlockMiddleware        | Blocks requests from known blacklisted IPs and Keywords         |
 | RateLimitMiddleware                | Enforces burst & flood thresholds                               |
 | AIAnomalyMiddleware                | ML‑driven behavior analysis + block on anomaly                  |
-| HoneypotMiddleware                 | Detects bots filling hidden inputs in forms                     |
+| HoneypotTimingMiddleware           | Detects bots via GET→POST timing analysis                       |
 | UUIDTamperMiddleware               | Blocks guessed/nonexistent UUIDs across all models in an app    |
 
 ---

aiwaf-0.1.8.1/aiwaf/management/commands/add_ipexemption.py

@@ -0,0 +1,22 @@
+from django.core.management.base import BaseCommand, CommandError
+from aiwaf.models import IPExemption
+
+class Command(BaseCommand):
+    help = 'Add an IP address to the IPExemption list (prevents blacklisting)'
+
+    def add_arguments(self, parser):
+        parser.add_argument('ip', type=str, help='IP address to exempt')
+        parser.add_argument('--reason', type=str, default='', help='Reason for exemption (optional)')
+
+    def handle(self, *args, **options):
+        ip = options['ip']
+        reason = options['reason']
+        obj, created = IPExemption.objects.get_or_create(ip_address=ip, defaults={'reason': reason})
+        if not created:
+            self.stdout.write(self.style.WARNING(f'IP {ip} is already exempted.'))
+        else:
+            self.stdout.write(self.style.SUCCESS(f'IP {ip} added to exemption list.'))
+        if reason:
+            obj.reason = reason
+            obj.save()
+            self.stdout.write(self.style.SUCCESS(f'Reason set to: {reason}'))

aiwaf-0.1.8.1/aiwaf/management/commands/aiwaf_reset.py

@@ -0,0 +1,84 @@
+from django.core.management.base import BaseCommand
+from aiwaf.models import BlacklistEntry, IPExemption
+
+class Command(BaseCommand):
+    help = 'Reset AI-WAF by clearing all blacklist and exemption (whitelist) entries'
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            '--blacklist-only',
+            action='store_true',
+            help='Clear only blacklist entries, keep exemptions'
+        )
+        parser.add_argument(
+            '--exemptions-only',
+            action='store_true',
+            help='Clear only exemption entries, keep blacklist'
+        )
+        parser.add_argument(
+            '--confirm',
+            action='store_true',
+            help='Skip confirmation prompt'
+        )
+
+    def handle(self, *args, **options):
+        blacklist_only = options['blacklist_only']
+        exemptions_only = options['exemptions_only']
+        confirm = options['confirm']
+        
+        # Count current entries
+        blacklist_count = BlacklistEntry.objects.count()
+        exemption_count = IPExemption.objects.count()
+        
+        if blacklist_only and exemptions_only:
+            self.stdout.write(self.style.ERROR('Cannot use both --blacklist-only and --exemptions-only flags'))
+            return
+        
+        # Determine what to clear
+        if blacklist_only:
+            action = f"Clear {blacklist_count} blacklist entries"
+            clear_blacklist = True
+            clear_exemptions = False
+        elif exemptions_only:
+            action = f"Clear {exemption_count} exemption entries"
+            clear_blacklist = False
+            clear_exemptions = True
+        else:
+            action = f"Clear {blacklist_count} blacklist entries and {exemption_count} exemption entries"
+            clear_blacklist = True
+            clear_exemptions = True
+        
+        # Show what will be cleared
+        self.stdout.write(f"AI-WAF Reset: {action}")
+        
+        if not confirm:
+            response = input("Are you sure you want to proceed? [y/N]: ")
+            if response.lower() not in ['y', 'yes']:
+                self.stdout.write(self.style.WARNING('Operation cancelled'))
+                return
+        
+        # Perform the reset
+        deleted_counts = {'blacklist': 0, 'exemptions': 0}
+        
+        if clear_blacklist:
+            deleted_counts['blacklist'], _ = BlacklistEntry.objects.all().delete()
+        
+        if clear_exemptions:
+            deleted_counts['exemptions'], _ = IPExemption.objects.all().delete()
+        
+        # Report results
+        if clear_blacklist and clear_exemptions:
+            self.stdout.write(
+                self.style.SUCCESS(
+                    f"✅ Reset complete: Deleted {deleted_counts['blacklist']} blacklist entries "
+                    f"and {deleted_counts['exemptions']} exemption entries"
+                )
+            )
+        elif clear_blacklist:
+            self.stdout.write(
+                self.style.SUCCESS(f"✅ Blacklist cleared: Deleted {deleted_counts['blacklist']} entries")
+            )
+        elif clear_exemptions:
+            self.stdout.write(
+                self.style.SUCCESS(f"✅ Exemptions cleared: Deleted {deleted_counts['exemptions']} entries")
+            )

{aiwaf-0.1.7.7 → aiwaf-0.1.8.1}/aiwaf/middleware.py

@@ -16,7 +16,9 @@ from django.apps import apps
 from django.urls import get_resolver
 from .trainer import STATIC_KW, STATUS_IDX, is_exempt_path, path_exists_in_django
 from .blacklist_manager import BlacklistManager
-from .models import DynamicKeyword
+from .models import DynamicKeyword, IPExemption
+def is_ip_exempted(ip):
+    return IPExemption.objects.filter(ip_address=ip).exists()
 
 def is_exempt_path(path):
     path = path.lower()
@@ -77,6 +79,8 @@ class IPAndKeywordBlockMiddleware:
             return self.get_response(request)
         ip = get_ip(request)
         path = raw_path.lstrip("/")
+        if is_ip_exempted(ip):
+            return self.get_response(request)
         if BlacklistManager.is_blocked(ip):
             return JsonResponse({"error": "blocked"}, status=403)
         segments = [seg for seg in re.split(r"\W+", path) if len(seg) > 3]
@@ -95,8 +99,9 @@ class IPAndKeywordBlockMiddleware:
         }
         for seg in segments:
             if seg in suspicious_kw:
-                BlacklistManager.block(ip, f"Keyword block: {seg}")
-                return JsonResponse({"error": "blocked"}, status=403)
+                if not is_ip_exempted(ip):
+                    BlacklistManager.block(ip, f"Keyword block: {seg}")
+                    return JsonResponse({"error": "blocked"}, status=403)
         return self.get_response(request)
 
 
@@ -120,8 +125,9 @@ class RateLimitMiddleware:
         timestamps.append(now)
         cache.set(key, timestamps, timeout=self.WINDOW)
         if len(timestamps) > self.FLOOD:
-            BlacklistManager.block(ip, "Flood pattern")
-            return JsonResponse({"error": "blocked"}, status=403)
+            if not is_ip_exempted(ip):
+                BlacklistManager.block(ip, "Flood pattern")
+                return JsonResponse({"error": "blocked"}, status=403)
         if len(timestamps) > self.MAX:
             return JsonResponse({"error": "too_many_requests"}, status=429)
         return self.get_response(request)
@@ -141,6 +147,8 @@ class AIAnomalyMiddleware(MiddlewareMixin):
             return None
         request._start_time = time.time()
         ip = get_ip(request)
+        if is_ip_exempted(ip):
+            return None
         if BlacklistManager.is_blocked(ip):
             return JsonResponse({"error": "blocked"}, status=403)
         return None
@@ -166,8 +174,9 @@ class AIAnomalyMiddleware(MiddlewareMixin):
         feats = [path_len, kw_hits, resp_time, status_idx, burst_count, total_404]
         X = np.array(feats, dtype=float).reshape(1, -1)
         if self.model.predict(X)[0] == -1:
-            BlacklistManager.block(ip, "AI anomaly")
-            return JsonResponse({"error": "blocked"}, status=403)
+            if not is_ip_exempted(ip):
+                BlacklistManager.block(ip, "AI anomaly")
+                return JsonResponse({"error": "blocked"}, status=403)
 
         data.append((now, request.path, response.status_code, resp_time))
         data = [d for d in data if now - d[0] < self.WINDOW]
@@ -180,15 +189,37 @@ class AIAnomalyMiddleware(MiddlewareMixin):
         return response
 
 
-class HoneypotMiddleware(MiddlewareMixin):
-    def process_view(self, request, view_func, view_args, view_kwargs):
+class HoneypotTimingMiddleware(MiddlewareMixin):
+    MIN_FORM_TIME = getattr(settings, "AIWAF_MIN_FORM_TIME", 1.0)  # seconds
+    
+    def process_request(self, request):
         if is_exempt_path(request.path):
             return None
-        trap = request.POST.get(getattr(settings, "AIWAF_HONEYPOT_FIELD", "hp_field"), "")
-        if trap:
-            ip = get_ip(request)
-            BlacklistManager.block(ip, "HONEYPOT triggered")
-            return JsonResponse({"error": "bot_detected"}, status=403)
+            
+        ip = get_ip(request)
+        if is_ip_exempted(ip):
+            return None
+            
+        if request.method == "GET":
+            # Store timestamp for this IP's GET request
+            cache.set(f"honeypot_get:{ip}", time.time(), timeout=300)  # 5 min timeout
+        
+        elif request.method == "POST":
+            # Check if there was a preceding GET request
+            get_time = cache.get(f"honeypot_get:{ip}")
+            
+            if get_time is None:
+                # No GET request - likely bot posting directly
+                BlacklistManager.block(ip, "Direct POST without GET")
+                return JsonResponse({"error": "blocked"}, status=403)
+            
+            # Check timing
+            time_diff = time.time() - get_time
+            if time_diff < self.MIN_FORM_TIME:
+                # Posted too quickly - likely bot
+                BlacklistManager.block(ip, f"Form submitted too quickly ({time_diff:.2f}s)")
+                return JsonResponse({"error": "blocked"}, status=403)
+        
         return None
 
 
@@ -211,5 +242,6 @@ class UUIDTamperMiddleware(MiddlewareMixin):
                 except (ValueError, TypeError):
                     continue
 
-        BlacklistManager.block(ip, "UUID tampering")
-        return JsonResponse({"error": "blocked"}, status=403)
+        if not is_ip_exempted(ip):
+            BlacklistManager.block(ip, "UUID tampering")
+            return JsonResponse({"error": "blocked"}, status=403)

{aiwaf-0.1.7.7 → aiwaf-0.1.8.1}/aiwaf/models.py

@@ -33,4 +33,14 @@ class DynamicKeyword(models.Model):
     last_updated = models.DateTimeField(auto_now=True)
 
     class Meta:
-        ordering = ['-count']
+        ordering = ['-count']
+
+
+# Model to store IP addresses that are exempt from blacklisting
+class IPExemption(models.Model):
+    ip_address = models.GenericIPAddressField(unique=True, db_index=True)
+    reason     = models.CharField(max_length=100, blank=True, default="")
+    created_at = models.DateTimeField(auto_now_add=True)
+
+    def __str__(self):
+        return f"{self.ip_address} (Exempted: {self.reason})"

{aiwaf-0.1.7.7 → aiwaf-0.1.8.1}/aiwaf/trainer.py

@@ -26,8 +26,10 @@ _LOG_RX = re.compile(
     r'(\d{3}).*?"(.*?)" "(.*?)".*?response-time=(\d+\.\d+)'
 )
 
+
 BlacklistEntry = apps.get_model("aiwaf", "BlacklistEntry")
 DynamicKeyword = apps.get_model("aiwaf", "DynamicKeyword")
+IPExemption = apps.get_model("aiwaf", "IPExemption")
 
 
 def is_exempt_path(path: str) -> bool:
@@ -103,6 +105,10 @@ def _parse(line: str) -> dict | None:
 
 def train() -> None:
     remove_exempt_keywords()
+    # Remove any IPs in IPExemption from the blacklist
+    exempt_ips = set(IPExemption.objects.values_list("ip_address", flat=True))
+    if exempt_ips:
+        BlacklistEntry.objects.filter(ip_address__in=exempt_ips).delete()
     raw_lines = _read_all_logs()
     if not raw_lines:
         print("No log lines found – check AIWAF_ACCESS_LOG setting.")

aiwaf-0.1.7.7/README.md → aiwaf-0.1.8.1/aiwaf.egg-info/PKG-INFO

@@ -1,3 +1,24 @@
+Metadata-Version: 2.4
+Name: aiwaf
+Version: 0.1.8.1
+Summary: AI-powered Web Application Firewall
+Home-page: https://github.com/aayushgauba/aiwaf
+Author: Aayush Gauba
+Author-email: Aayush Gauba <gauba.aayush@gmail.com>
+License: MIT
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: Django>=3.2
+Requires-Dist: numpy>=1.21
+Requires-Dist: pandas>=1.3
+Requires-Dist: scikit-learn>=1.0
+Requires-Dist: joblib>=1.1
+Dynamic: author
+Dynamic: home-page
+Dynamic: license-file
+Dynamic: requires-python
+
 
 # AI‑WAF
 
@@ -56,19 +77,58 @@ aiwaf/
 - **File‑Extension Probing Detection**  
   Tracks repeated 404s on common extensions (e.g. `.php`, `.asp`) and blocks IPs.
 
-- **Honeypot Field**  
-  Hidden field for bot detection → IP blacklisted on fill.
+- **Timing-Based Honeypot**  
+  Tracks GET→POST timing patterns. Blocks IPs that:
+  - POST directly without a preceding GET request
+  - Submit forms faster than `AIWAF_MIN_FORM_TIME` seconds (default: 1 second)
 
 - **UUID Tampering Protection**  
   Blocks guessed or invalid UUIDs that don’t resolve to real models.
 
-- **Exempt Path Awareness**  
-  Fully respects `AIWAF_EXEMPT_PATHS` across all modules — exempt paths are:
+
+**Exempt Path & IP Awareness**
+
+**Exempt Paths:**
+Set `AIWAF_EXEMPT_PATHS` in your Django `settings.py` (not in your code). Fully respects this setting across all modules — exempt paths are:
   - Skipped from keyword learning
   - Immune to AI blocking
   - Ignored in log training
   - Cleaned from `DynamicKeyword` model automatically
 
+**Exempt IPs:**
+You can exempt specific IP addresses from all blocking and blacklisting logic. Exempted IPs will:
+  - Never be added to the blacklist (even if they trigger rules)
+  - Be automatically removed from the blacklist during retraining
+  - Bypass all block/deny logic in middleware
+
+### Managing Exempt IPs
+
+Add an IP to the exemption list using the management command:
+
+```bash
+python manage.py add_ipexemption <ip-address> --reason "optional reason"
+```
+
+### Resetting AI-WAF
+
+Clear all blacklist and exemption entries:
+
+```bash
+# Clear everything (with confirmation prompt)
+python manage.py aiwaf_reset
+
+# Clear everything without confirmation
+python manage.py aiwaf_reset --confirm
+
+# Clear only blacklist entries
+python manage.py aiwaf_reset --blacklist-only
+
+# Clear only exemption entries  
+python manage.py aiwaf_reset --exemptions-only
+```
+
+This will ensure the IP is never blocked by AI‑WAF. You can also manage exemptions via the Django admin interface.
+
 - **Daily Retraining**  
   Reads rotated logs, auto‑blocks 404 floods, retrains the IsolationForest, updates `model.pkl`, and evolves the keyword DB.
 
@@ -103,13 +163,13 @@ AIWAF_ACCESS_LOG = "/var/log/nginx/access.log"
 
 ```python
 AIWAF_MODEL_PATH         = BASE_DIR / "aiwaf" / "resources" / "model.pkl"
-AIWAF_HONEYPOT_FIELD     = "hp_field"
+AIWAF_MIN_FORM_TIME      = 1.0        # minimum seconds between GET and POST
 AIWAF_RATE_WINDOW        = 10         # seconds
 AIWAF_RATE_MAX           = 20         # max requests per window
 AIWAF_RATE_FLOOD         = 10         # flood threshold
 AIWAF_WINDOW_SECONDS     = 60         # anomaly detection window
 AIWAF_FILE_EXTENSIONS    = [".php", ".asp", ".jsp"]
-AIWAF_EXEMPT_PATHS       = [          # optional but highly recommended
+AIWAF_EXEMPT_PATHS = [          # optional but highly recommended
     "/favicon.ico",
     "/robots.txt",
     "/static/",
@@ -131,7 +191,7 @@ MIDDLEWARE = [
     "aiwaf.middleware.IPAndKeywordBlockMiddleware",
     "aiwaf.middleware.RateLimitMiddleware",
     "aiwaf.middleware.AIAnomalyMiddleware",
-    "aiwaf.middleware.HoneypotMiddleware",
+    "aiwaf.middleware.HoneypotTimingMiddleware",
     "aiwaf.middleware.UUIDTamperMiddleware",
     # ... other middleware ...
 ]
@@ -139,24 +199,7 @@ MIDDLEWARE = [
 
 ---
 
-## 🕵️ Honeypot Field (in your template)
-
-```django
-{% load aiwaf_tags %}
-
-<form method="post">
-  {% csrf_token %}
-  {% honeypot_field %}
-  <!-- your real fields -->
-</form>
-```
-
-> Renders a hidden `<input name="hp_field" style="display:none">`.  
-> Any non‑empty submission → IP blacklisted.
-
----
-
-## 🔁 Running Detection & Training
+##  Running Detection & Training
 
 ```bash
 python manage.py detect_and_train
@@ -179,7 +222,7 @@ python manage.py detect_and_train
 | IPAndKeywordBlockMiddleware        | Blocks requests from known blacklisted IPs and Keywords         |
 | RateLimitMiddleware                | Enforces burst & flood thresholds                               |
 | AIAnomalyMiddleware                | ML‑driven behavior analysis + block on anomaly                  |
-| HoneypotMiddleware                 | Detects bots filling hidden inputs in forms                     |
+| HoneypotTimingMiddleware           | Detects bots via GET→POST timing analysis                       |
 | UUIDTamperMiddleware               | Blocks guessed/nonexistent UUIDs across all models in an app    |
 
 ---

{aiwaf-0.1.7.7 → aiwaf-0.1.8.1}/aiwaf.egg-info/SOURCES.txt

@@ -13,9 +13,12 @@ aiwaf/utils.py
 aiwaf.egg-info/PKG-INFO
 aiwaf.egg-info/SOURCES.txt
 aiwaf.egg-info/dependency_links.txt
+aiwaf.egg-info/requires.txt
 aiwaf.egg-info/top_level.txt
 aiwaf/management/__init__.py
 aiwaf/management/commands/__init__.py
+aiwaf/management/commands/add_ipexemption.py
+aiwaf/management/commands/aiwaf_reset.py
 aiwaf/management/commands/detect_and_train.py
 aiwaf/resources/model.pkl
 aiwaf/templatetags/__init__.py

aiwaf-0.1.8.1/aiwaf.egg-info/requires.txt

@@ -0,0 +1,5 @@
+Django>=3.2
+numpy>=1.21
+pandas>=1.3
+scikit-learn>=1.0
+joblib>=1.1

{aiwaf-0.1.7.7 → aiwaf-0.1.8.1}/pyproject.toml

@@ -1,9 +1,15 @@
 [project]
 name = "aiwaf"
-version = "0.1.7.7"
+version = "0.1.8.1"
 description = "AI-powered Web Application Firewall"
 readme = "README.md"
 requires-python = ">=3.8"
 license = {text = "MIT"}
 authors = [{ name = "Aayush Gauba", email = "gauba.aayush@gmail.com" }]
-dependencies = [ ]
+dependencies = [
+    "Django>=3.2",
+    "numpy>=1.21",
+    "pandas>=1.3",
+    "scikit-learn>=1.0",
+    "joblib>=1.1"
+]

{aiwaf-0.1.7.7 → aiwaf-0.1.8.1}/setup.py

@@ -9,7 +9,7 @@ long_description = (HERE / "README.md").read_text(encoding="utf-8")
 
 setup(
     name="aiwaf",
-    version="0.1.7.7",
+    version="0.1.8.1",
     description="AI‑driven, self‑learning Web Application Firewall for Django",
     long_description=long_description,
     long_description_content_type="text/markdown",