aiwaf 0.1.7.8__tar.gz → 0.1.8.1__tar.gz

{aiwaf-0.1.7.8 → aiwaf-0.1.8.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aiwaf
-Version: 0.1.7.8
+Version: 0.1.8.1
 Summary: AI-powered Web Application Firewall
 Home-page: https://github.com/aayushgauba/aiwaf
 Author: Aayush Gauba
@@ -77,8 +77,10 @@ aiwaf/
 - **File‑Extension Probing Detection**  
   Tracks repeated 404s on common extensions (e.g. `.php`, `.asp`) and blocks IPs.
 
-- **Honeypot Field**  
-  Hidden field for bot detection → IP blacklisted on fill.
+- **Timing-Based Honeypot**  
+  Tracks GET→POST timing patterns. Blocks IPs that:
+  - POST directly without a preceding GET request
+  - Submit forms faster than `AIWAF_MIN_FORM_TIME` seconds (default: 1 second)
 
 - **UUID Tampering Protection**  
   Blocks guessed or invalid UUIDs that don’t resolve to real models.
@@ -107,6 +109,24 @@ Add an IP to the exemption list using the management command:
 python manage.py add_ipexemption <ip-address> --reason "optional reason"
 ```
 
+### Resetting AI-WAF
+
+Clear all blacklist and exemption entries:
+
+```bash
+# Clear everything (with confirmation prompt)
+python manage.py aiwaf_reset
+
+# Clear everything without confirmation
+python manage.py aiwaf_reset --confirm
+
+# Clear only blacklist entries
+python manage.py aiwaf_reset --blacklist-only
+
+# Clear only exemption entries  
+python manage.py aiwaf_reset --exemptions-only
+```
+
 This will ensure the IP is never blocked by AI‑WAF. You can also manage exemptions via the Django admin interface.
 
 - **Daily Retraining**  
@@ -143,7 +163,7 @@ AIWAF_ACCESS_LOG = "/var/log/nginx/access.log"
 
 ```python
 AIWAF_MODEL_PATH         = BASE_DIR / "aiwaf" / "resources" / "model.pkl"
-AIWAF_HONEYPOT_FIELD     = "hp_field"
+AIWAF_MIN_FORM_TIME      = 1.0        # minimum seconds between GET and POST
 AIWAF_RATE_WINDOW        = 10         # seconds
 AIWAF_RATE_MAX           = 20         # max requests per window
 AIWAF_RATE_FLOOD         = 10         # flood threshold
@@ -171,7 +191,7 @@ MIDDLEWARE = [
     "aiwaf.middleware.IPAndKeywordBlockMiddleware",
     "aiwaf.middleware.RateLimitMiddleware",
     "aiwaf.middleware.AIAnomalyMiddleware",
-    "aiwaf.middleware.HoneypotMiddleware",
+    "aiwaf.middleware.HoneypotTimingMiddleware",
     "aiwaf.middleware.UUIDTamperMiddleware",
     # ... other middleware ...
 ]
@@ -179,24 +199,7 @@ MIDDLEWARE = [
 
 ---
 
-## 🕵️ Honeypot Field (in your template)
-
-```django
-{% load aiwaf_tags %}
-
-<form method="post">
-  {% csrf_token %}
-  {% honeypot_field %}
-  <!-- your real fields -->
-</form>
-```
-
-> Renders a hidden `<input name="hp_field" style="display:none">`.  
-> Any non‑empty submission → IP blacklisted.
-
----
-
-## 🔁 Running Detection & Training
+##  Running Detection & Training
 
 ```bash
 python manage.py detect_and_train
@@ -219,7 +222,7 @@ python manage.py detect_and_train
 | IPAndKeywordBlockMiddleware        | Blocks requests from known blacklisted IPs and Keywords         |
 | RateLimitMiddleware                | Enforces burst & flood thresholds                               |
 | AIAnomalyMiddleware                | ML‑driven behavior analysis + block on anomaly                  |
-| HoneypotMiddleware                 | Detects bots filling hidden inputs in forms                     |
+| HoneypotTimingMiddleware           | Detects bots via GET→POST timing analysis                       |
 | UUIDTamperMiddleware               | Blocks guessed/nonexistent UUIDs across all models in an app    |
 
 ---

{aiwaf-0.1.7.8 → aiwaf-0.1.8.1}/README.md

@@ -56,8 +56,10 @@ aiwaf/
 - **File‑Extension Probing Detection**  
   Tracks repeated 404s on common extensions (e.g. `.php`, `.asp`) and blocks IPs.
 
-- **Honeypot Field**  
-  Hidden field for bot detection → IP blacklisted on fill.
+- **Timing-Based Honeypot**  
+  Tracks GET→POST timing patterns. Blocks IPs that:
+  - POST directly without a preceding GET request
+  - Submit forms faster than `AIWAF_MIN_FORM_TIME` seconds (default: 1 second)
 
 - **UUID Tampering Protection**  
   Blocks guessed or invalid UUIDs that don’t resolve to real models.
@@ -86,6 +88,24 @@ Add an IP to the exemption list using the management command:
 python manage.py add_ipexemption <ip-address> --reason "optional reason"
 ```
 
+### Resetting AI-WAF
+
+Clear all blacklist and exemption entries:
+
+```bash
+# Clear everything (with confirmation prompt)
+python manage.py aiwaf_reset
+
+# Clear everything without confirmation
+python manage.py aiwaf_reset --confirm
+
+# Clear only blacklist entries
+python manage.py aiwaf_reset --blacklist-only
+
+# Clear only exemption entries  
+python manage.py aiwaf_reset --exemptions-only
+```
+
 This will ensure the IP is never blocked by AI‑WAF. You can also manage exemptions via the Django admin interface.
 
 - **Daily Retraining**  
@@ -122,7 +142,7 @@ AIWAF_ACCESS_LOG = "/var/log/nginx/access.log"
 
 ```python
 AIWAF_MODEL_PATH         = BASE_DIR / "aiwaf" / "resources" / "model.pkl"
-AIWAF_HONEYPOT_FIELD     = "hp_field"
+AIWAF_MIN_FORM_TIME      = 1.0        # minimum seconds between GET and POST
 AIWAF_RATE_WINDOW        = 10         # seconds
 AIWAF_RATE_MAX           = 20         # max requests per window
 AIWAF_RATE_FLOOD         = 10         # flood threshold
@@ -150,7 +170,7 @@ MIDDLEWARE = [
     "aiwaf.middleware.IPAndKeywordBlockMiddleware",
     "aiwaf.middleware.RateLimitMiddleware",
     "aiwaf.middleware.AIAnomalyMiddleware",
-    "aiwaf.middleware.HoneypotMiddleware",
+    "aiwaf.middleware.HoneypotTimingMiddleware",
     "aiwaf.middleware.UUIDTamperMiddleware",
     # ... other middleware ...
 ]
@@ -158,24 +178,7 @@ MIDDLEWARE = [
 
 ---
 
-## 🕵️ Honeypot Field (in your template)
-
-```django
-{% load aiwaf_tags %}
-
-<form method="post">
-  {% csrf_token %}
-  {% honeypot_field %}
-  <!-- your real fields -->
-</form>
-```
-
-> Renders a hidden `<input name="hp_field" style="display:none">`.  
-> Any non‑empty submission → IP blacklisted.
-
----
-
-## 🔁 Running Detection & Training
+##  Running Detection & Training
 
 ```bash
 python manage.py detect_and_train
@@ -198,7 +201,7 @@ python manage.py detect_and_train
 | IPAndKeywordBlockMiddleware        | Blocks requests from known blacklisted IPs and Keywords         |
 | RateLimitMiddleware                | Enforces burst & flood thresholds                               |
 | AIAnomalyMiddleware                | ML‑driven behavior analysis + block on anomaly                  |
-| HoneypotMiddleware                 | Detects bots filling hidden inputs in forms                     |
+| HoneypotTimingMiddleware           | Detects bots via GET→POST timing analysis                       |
 | UUIDTamperMiddleware               | Blocks guessed/nonexistent UUIDs across all models in an app    |
 
 ---

aiwaf-0.1.8.1/aiwaf/management/commands/aiwaf_reset.py

@@ -0,0 +1,84 @@
+from django.core.management.base import BaseCommand
+from aiwaf.models import BlacklistEntry, IPExemption
+
+class Command(BaseCommand):
+    help = 'Reset AI-WAF by clearing all blacklist and exemption (whitelist) entries'
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            '--blacklist-only',
+            action='store_true',
+            help='Clear only blacklist entries, keep exemptions'
+        )
+        parser.add_argument(
+            '--exemptions-only',
+            action='store_true',
+            help='Clear only exemption entries, keep blacklist'
+        )
+        parser.add_argument(
+            '--confirm',
+            action='store_true',
+            help='Skip confirmation prompt'
+        )
+
+    def handle(self, *args, **options):
+        blacklist_only = options['blacklist_only']
+        exemptions_only = options['exemptions_only']
+        confirm = options['confirm']
+        
+        # Count current entries
+        blacklist_count = BlacklistEntry.objects.count()
+        exemption_count = IPExemption.objects.count()
+        
+        if blacklist_only and exemptions_only:
+            self.stdout.write(self.style.ERROR('Cannot use both --blacklist-only and --exemptions-only flags'))
+            return
+        
+        # Determine what to clear
+        if blacklist_only:
+            action = f"Clear {blacklist_count} blacklist entries"
+            clear_blacklist = True
+            clear_exemptions = False
+        elif exemptions_only:
+            action = f"Clear {exemption_count} exemption entries"
+            clear_blacklist = False
+            clear_exemptions = True
+        else:
+            action = f"Clear {blacklist_count} blacklist entries and {exemption_count} exemption entries"
+            clear_blacklist = True
+            clear_exemptions = True
+        
+        # Show what will be cleared
+        self.stdout.write(f"AI-WAF Reset: {action}")
+        
+        if not confirm:
+            response = input("Are you sure you want to proceed? [y/N]: ")
+            if response.lower() not in ['y', 'yes']:
+                self.stdout.write(self.style.WARNING('Operation cancelled'))
+                return
+        
+        # Perform the reset
+        deleted_counts = {'blacklist': 0, 'exemptions': 0}
+        
+        if clear_blacklist:
+            deleted_counts['blacklist'], _ = BlacklistEntry.objects.all().delete()
+        
+        if clear_exemptions:
+            deleted_counts['exemptions'], _ = IPExemption.objects.all().delete()
+        
+        # Report results
+        if clear_blacklist and clear_exemptions:
+            self.stdout.write(
+                self.style.SUCCESS(
+                    f"✅ Reset complete: Deleted {deleted_counts['blacklist']} blacklist entries "
+                    f"and {deleted_counts['exemptions']} exemption entries"
+                )
+            )
+        elif clear_blacklist:
+            self.stdout.write(
+                self.style.SUCCESS(f"✅ Blacklist cleared: Deleted {deleted_counts['blacklist']} entries")
+            )
+        elif clear_exemptions:
+            self.stdout.write(
+                self.style.SUCCESS(f"✅ Exemptions cleared: Deleted {deleted_counts['exemptions']} entries")
+            )

{aiwaf-0.1.7.8 → aiwaf-0.1.8.1}/aiwaf/middleware.py

@@ -189,16 +189,37 @@ class AIAnomalyMiddleware(MiddlewareMixin):
         return response
 
 
-class HoneypotMiddleware(MiddlewareMixin):
-    def process_view(self, request, view_func, view_args, view_kwargs):
+class HoneypotTimingMiddleware(MiddlewareMixin):
+    MIN_FORM_TIME = getattr(settings, "AIWAF_MIN_FORM_TIME", 1.0)  # seconds
+    
+    def process_request(self, request):
         if is_exempt_path(request.path):
             return None
-        trap = request.POST.get(getattr(settings, "AIWAF_HONEYPOT_FIELD", "hp_field"), "")
-        if trap:
-            ip = get_ip(request)
-            if not is_ip_exempted(ip):
-                BlacklistManager.block(ip, "HONEYPOT triggered")
-                return JsonResponse({"error": "bot_detected"}, status=403)
+            
+        ip = get_ip(request)
+        if is_ip_exempted(ip):
+            return None
+            
+        if request.method == "GET":
+            # Store timestamp for this IP's GET request
+            cache.set(f"honeypot_get:{ip}", time.time(), timeout=300)  # 5 min timeout
+        
+        elif request.method == "POST":
+            # Check if there was a preceding GET request
+            get_time = cache.get(f"honeypot_get:{ip}")
+            
+            if get_time is None:
+                # No GET request - likely bot posting directly
+                BlacklistManager.block(ip, "Direct POST without GET")
+                return JsonResponse({"error": "blocked"}, status=403)
+            
+            # Check timing
+            time_diff = time.time() - get_time
+            if time_diff < self.MIN_FORM_TIME:
+                # Posted too quickly - likely bot
+                BlacklistManager.block(ip, f"Form submitted too quickly ({time_diff:.2f}s)")
+                return JsonResponse({"error": "blocked"}, status=403)
+        
         return None
 
 

{aiwaf-0.1.7.8 → aiwaf-0.1.8.1}/aiwaf.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aiwaf
-Version: 0.1.7.8
+Version: 0.1.8.1
 Summary: AI-powered Web Application Firewall
 Home-page: https://github.com/aayushgauba/aiwaf
 Author: Aayush Gauba
@@ -77,8 +77,10 @@ aiwaf/
 - **File‑Extension Probing Detection**  
   Tracks repeated 404s on common extensions (e.g. `.php`, `.asp`) and blocks IPs.
 
-- **Honeypot Field**  
-  Hidden field for bot detection → IP blacklisted on fill.
+- **Timing-Based Honeypot**  
+  Tracks GET→POST timing patterns. Blocks IPs that:
+  - POST directly without a preceding GET request
+  - Submit forms faster than `AIWAF_MIN_FORM_TIME` seconds (default: 1 second)
 
 - **UUID Tampering Protection**  
   Blocks guessed or invalid UUIDs that don’t resolve to real models.
@@ -107,6 +109,24 @@ Add an IP to the exemption list using the management command:
 python manage.py add_ipexemption <ip-address> --reason "optional reason"
 ```
 
+### Resetting AI-WAF
+
+Clear all blacklist and exemption entries:
+
+```bash
+# Clear everything (with confirmation prompt)
+python manage.py aiwaf_reset
+
+# Clear everything without confirmation
+python manage.py aiwaf_reset --confirm
+
+# Clear only blacklist entries
+python manage.py aiwaf_reset --blacklist-only
+
+# Clear only exemption entries  
+python manage.py aiwaf_reset --exemptions-only
+```
+
 This will ensure the IP is never blocked by AI‑WAF. You can also manage exemptions via the Django admin interface.
 
 - **Daily Retraining**  
@@ -143,7 +163,7 @@ AIWAF_ACCESS_LOG = "/var/log/nginx/access.log"
 
 ```python
 AIWAF_MODEL_PATH         = BASE_DIR / "aiwaf" / "resources" / "model.pkl"
-AIWAF_HONEYPOT_FIELD     = "hp_field"
+AIWAF_MIN_FORM_TIME      = 1.0        # minimum seconds between GET and POST
 AIWAF_RATE_WINDOW        = 10         # seconds
 AIWAF_RATE_MAX           = 20         # max requests per window
 AIWAF_RATE_FLOOD         = 10         # flood threshold
@@ -171,7 +191,7 @@ MIDDLEWARE = [
     "aiwaf.middleware.IPAndKeywordBlockMiddleware",
     "aiwaf.middleware.RateLimitMiddleware",
     "aiwaf.middleware.AIAnomalyMiddleware",
-    "aiwaf.middleware.HoneypotMiddleware",
+    "aiwaf.middleware.HoneypotTimingMiddleware",
     "aiwaf.middleware.UUIDTamperMiddleware",
     # ... other middleware ...
 ]
@@ -179,24 +199,7 @@ MIDDLEWARE = [
 
 ---
 
-## 🕵️ Honeypot Field (in your template)
-
-```django
-{% load aiwaf_tags %}
-
-<form method="post">
-  {% csrf_token %}
-  {% honeypot_field %}
-  <!-- your real fields -->
-</form>
-```
-
-> Renders a hidden `<input name="hp_field" style="display:none">`.  
-> Any non‑empty submission → IP blacklisted.
-
----
-
-## 🔁 Running Detection & Training
+##  Running Detection & Training
 
 ```bash
 python manage.py detect_and_train
@@ -219,7 +222,7 @@ python manage.py detect_and_train
 | IPAndKeywordBlockMiddleware        | Blocks requests from known blacklisted IPs and Keywords         |
 | RateLimitMiddleware                | Enforces burst & flood thresholds                               |
 | AIAnomalyMiddleware                | ML‑driven behavior analysis + block on anomaly                  |
-| HoneypotMiddleware                 | Detects bots filling hidden inputs in forms                     |
+| HoneypotTimingMiddleware           | Detects bots via GET→POST timing analysis                       |
 | UUIDTamperMiddleware               | Blocks guessed/nonexistent UUIDs across all models in an app    |
 
 ---

{aiwaf-0.1.7.8 → aiwaf-0.1.8.1}/aiwaf.egg-info/SOURCES.txt

@@ -18,6 +18,7 @@ aiwaf.egg-info/top_level.txt
 aiwaf/management/__init__.py
 aiwaf/management/commands/__init__.py
 aiwaf/management/commands/add_ipexemption.py
+aiwaf/management/commands/aiwaf_reset.py
 aiwaf/management/commands/detect_and_train.py
 aiwaf/resources/model.pkl
 aiwaf/templatetags/__init__.py

{aiwaf-0.1.7.8 → aiwaf-0.1.8.1}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "aiwaf"
-version = "0.1.7.8"
+version = "0.1.8.1"
 description = "AI-powered Web Application Firewall"
 readme = "README.md"
 requires-python = ">=3.8"

{aiwaf-0.1.7.8 → aiwaf-0.1.8.1}/setup.py

@@ -9,7 +9,7 @@ long_description = (HERE / "README.md").read_text(encoding="utf-8")
 
 setup(
     name="aiwaf",
-    version="0.1.7.8",
+    version="0.1.8.1",
     description="AI‑driven, self‑learning Web Application Firewall for Django",
     long_description=long_description,
     long_description_content_type="text/markdown",