aiwaf 0.1.9.0.4__tar.gz → 0.1.9.0.6__tar.gz

{aiwaf-0.1.9.0.4 → aiwaf-0.1.9.0.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aiwaf
-Version: 0.1.9.0.4
+Version: 0.1.9.0.6
 Summary: AI-powered Web Application Firewall
 Home-page: https://github.com/aayushgauba/aiwaf
 Author: Aayush Gauba
@@ -68,7 +68,7 @@ aiwaf/
 ## 🚀 Features
 
 - **IP Blocklist**  
-  Instantly blocks suspicious IPs (supports CSV fallback or Django model).
+  Instantly blocks suspicious IPs using Django models with real-time performance.
 
 - **Rate Limiting**  
   Sliding‑window blocks flooders (> `AIWAF_RATE_MAX` per `AIWAF_RATE_WINDOW`), then blacklists them.
@@ -98,9 +98,9 @@ aiwaf/
   Blocks guessed or invalid UUIDs that don't resolve to real models.
 
 - **Built-in Request Logger**  
-  Optional middleware logger that captures requests to CSV:
+  Optional middleware logger that captures requests to Django models:
   - **Automatic fallback** when main access logs unavailable
-  - **CSV format** for easy analysis and training
+  - **Real-time storage** in database for instant access
   - **Captures response times** for better anomaly detection
   - **Zero configuration** - works out of the box
 
@@ -221,28 +221,33 @@ AIWAF_ACCESS_LOG = "/var/log/nginx/access.log"
 
 ---
 
-### Storage Configuration
+### Database Models
 
-**Choose storage backend:**
+AI-WAF uses Django models for real-time, high-performance storage:
 
 ```python
-# Use Django models (default) - requires database tables
-AIWAF_STORAGE_MODE = "models"
-
-# OR use CSV files - no database required
-AIWAF_STORAGE_MODE = "csv"
-AIWAF_CSV_DATA_DIR = "aiwaf_data"  # Directory for CSV files
+# All data is stored in Django models - no configuration needed
+# Tables created automatically with migrations:
+# - aiwaf_blacklistentry     # Blocked IP addresses
+# - aiwaf_ipexemption        # Exempt IP addresses  
+# - aiwaf_dynamickeyword     # Dynamic keywords with counts
+# - aiwaf_featuresample      # Feature samples for ML training
+# - aiwaf_requestlog         # Request logs (if middleware logging enabled)
 ```
 
-**CSV Mode Features:**
-- No database migrations required
-- Files stored in `aiwaf_data/` directory:
-  - `blacklist.csv` - Blocked IP addresses
-  - `exemptions.csv` - Exempt IP addresses  
-  - `keywords.csv` - Dynamic keywords
-  - `access_samples.csv` - Feature samples for ML training
-- Perfect for lightweight deployments or when you prefer file-based storage
-- Management commands work identically in both modes
+**Benefits of Django Models:**
+- ⚡ **Real-time performance** - No file I/O bottlenecks
+- 🔄 **Instant updates** - Changes visible immediately across all processes
+- 🚀 **Better concurrency** - No file locking issues
+- 📊 **Rich querying** - Use Django ORM for complex operations
+- 🔍 **Admin integration** - View/manage data through Django admin
+
+**Database Setup:**
+```bash
+# Create and apply migrations
+python manage.py makemigrations aiwaf
+python manage.py migrate aiwaf
+```
 
 ---
 
@@ -253,8 +258,6 @@ Enable AI-WAF's built-in request logger as a fallback when main access logs aren
 ```python
 # Enable middleware logging
 AIWAF_MIDDLEWARE_LOGGING = True                    # Enable/disable logging
-AIWAF_MIDDLEWARE_LOG = "aiwaf_requests.log"        # Log file path
-AIWAF_MIDDLEWARE_CSV = True                        # Use CSV format (recommended)
 ```
 
 **Then add middleware to MIDDLEWARE list:**
@@ -276,8 +279,8 @@ python manage.py aiwaf_logging --clear     # Clear log files
 
 **Benefits:**
 - **Automatic fallback** when `AIWAF_ACCESS_LOG` unavailable
-- **CSV format** with precise timestamps and response times
-- **Zero configuration** - trainer automatically detects and uses CSV logs
+- **Database storage** with precise timestamps and response times
+- **Zero configuration** - trainer automatically detects and uses model logs
 - **Lightweight** - fails silently to avoid breaking your application
 
 ---
@@ -386,7 +389,7 @@ python manage.py detect_and_train
 ```
 
 ### What happens:
-1. Read access logs (incl. rotated or gzipped) **OR** AI-WAF middleware CSV logs
+1. Read access logs (incl. rotated or gzipped) **OR** AI-WAF middleware model logs
 2. Auto‑block IPs with ≥ 6 total 404s
 3. Extract features & train IsolationForest
 4. Save `model.pkl` with current scikit-learn version
@@ -411,7 +414,7 @@ python manage.py detect_and_train
 5. Extract top 10 dynamic keywords from 4xx/5xx
 6. Remove any keywords associated with newly exempt paths
 
-**Note:** If main access log (`AIWAF_ACCESS_LOG`) is unavailable, trainer automatically falls back to AI-WAF middleware CSV logs.
+**Note:** If main access log (`AIWAF_ACCESS_LOG`) is unavailable, trainer automatically falls back to AI-WAF middleware model logs.
 
 ---
 

{aiwaf-0.1.9.0.4 → aiwaf-0.1.9.0.6}/README.md

@@ -47,7 +47,7 @@ aiwaf/
 ## 🚀 Features
 
 - **IP Blocklist**  
-  Instantly blocks suspicious IPs (supports CSV fallback or Django model).
+  Instantly blocks suspicious IPs using Django models with real-time performance.
 
 - **Rate Limiting**  
   Sliding‑window blocks flooders (> `AIWAF_RATE_MAX` per `AIWAF_RATE_WINDOW`), then blacklists them.
@@ -77,9 +77,9 @@ aiwaf/
   Blocks guessed or invalid UUIDs that don't resolve to real models.
 
 - **Built-in Request Logger**  
-  Optional middleware logger that captures requests to CSV:
+  Optional middleware logger that captures requests to Django models:
   - **Automatic fallback** when main access logs unavailable
-  - **CSV format** for easy analysis and training
+  - **Real-time storage** in database for instant access
   - **Captures response times** for better anomaly detection
   - **Zero configuration** - works out of the box
 
@@ -200,28 +200,33 @@ AIWAF_ACCESS_LOG = "/var/log/nginx/access.log"
 
 ---
 
-### Storage Configuration
+### Database Models
 
-**Choose storage backend:**
+AI-WAF uses Django models for real-time, high-performance storage:
 
 ```python
-# Use Django models (default) - requires database tables
-AIWAF_STORAGE_MODE = "models"
-
-# OR use CSV files - no database required
-AIWAF_STORAGE_MODE = "csv"
-AIWAF_CSV_DATA_DIR = "aiwaf_data"  # Directory for CSV files
+# All data is stored in Django models - no configuration needed
+# Tables created automatically with migrations:
+# - aiwaf_blacklistentry     # Blocked IP addresses
+# - aiwaf_ipexemption        # Exempt IP addresses  
+# - aiwaf_dynamickeyword     # Dynamic keywords with counts
+# - aiwaf_featuresample      # Feature samples for ML training
+# - aiwaf_requestlog         # Request logs (if middleware logging enabled)
 ```
 
-**CSV Mode Features:**
-- No database migrations required
-- Files stored in `aiwaf_data/` directory:
-  - `blacklist.csv` - Blocked IP addresses
-  - `exemptions.csv` - Exempt IP addresses  
-  - `keywords.csv` - Dynamic keywords
-  - `access_samples.csv` - Feature samples for ML training
-- Perfect for lightweight deployments or when you prefer file-based storage
-- Management commands work identically in both modes
+**Benefits of Django Models:**
+- ⚡ **Real-time performance** - No file I/O bottlenecks
+- 🔄 **Instant updates** - Changes visible immediately across all processes
+- 🚀 **Better concurrency** - No file locking issues
+- 📊 **Rich querying** - Use Django ORM for complex operations
+- 🔍 **Admin integration** - View/manage data through Django admin
+
+**Database Setup:**
+```bash
+# Create and apply migrations
+python manage.py makemigrations aiwaf
+python manage.py migrate aiwaf
+```
 
 ---
 
@@ -232,8 +237,6 @@ Enable AI-WAF's built-in request logger as a fallback when main access logs aren
 ```python
 # Enable middleware logging
 AIWAF_MIDDLEWARE_LOGGING = True                    # Enable/disable logging
-AIWAF_MIDDLEWARE_LOG = "aiwaf_requests.log"        # Log file path
-AIWAF_MIDDLEWARE_CSV = True                        # Use CSV format (recommended)
 ```
 
 **Then add middleware to MIDDLEWARE list:**
@@ -255,8 +258,8 @@ python manage.py aiwaf_logging --clear     # Clear log files
 
 **Benefits:**
 - **Automatic fallback** when `AIWAF_ACCESS_LOG` unavailable
-- **CSV format** with precise timestamps and response times
-- **Zero configuration** - trainer automatically detects and uses CSV logs
+- **Database storage** with precise timestamps and response times
+- **Zero configuration** - trainer automatically detects and uses model logs
 - **Lightweight** - fails silently to avoid breaking your application
 
 ---
@@ -365,7 +368,7 @@ python manage.py detect_and_train
 ```
 
 ### What happens:
-1. Read access logs (incl. rotated or gzipped) **OR** AI-WAF middleware CSV logs
+1. Read access logs (incl. rotated or gzipped) **OR** AI-WAF middleware model logs
 2. Auto‑block IPs with ≥ 6 total 404s
 3. Extract features & train IsolationForest
 4. Save `model.pkl` with current scikit-learn version
@@ -390,7 +393,7 @@ python manage.py detect_and_train
 5. Extract top 10 dynamic keywords from 4xx/5xx
 6. Remove any keywords associated with newly exempt paths
 
-**Note:** If main access log (`AIWAF_ACCESS_LOG`) is unavailable, trainer automatically falls back to AI-WAF middleware CSV logs.
+**Note:** If main access log (`AIWAF_ACCESS_LOG`) is unavailable, trainer automatically falls back to AI-WAF middleware model logs.
 
 ---
 

{aiwaf-0.1.9.0.4 → aiwaf-0.1.9.0.6}/aiwaf/__init__.py

@@ -1,6 +1,6 @@
 default_app_config = "aiwaf.apps.AiwafConfig"
 
-__version__ = "0.1.9.0.4"
+__version__ = "0.1.9.0.6"
 
 # Note: Middleware classes are available from aiwaf.middleware
 # Import them only when needed to avoid circular imports during Django app loading

aiwaf-0.1.9.0.6/aiwaf/blacklist_manager.py

@@ -0,0 +1,37 @@
+# aiwaf/blacklist_manager.py
+
+from .storage import get_blacklist_store, get_exemption_store
+
+class BlacklistManager:
+    @staticmethod
+    def block(ip, reason):
+        """Add IP to blacklist, but only if it's not exempted"""
+        # Check if IP is exempted before blocking
+        exemption_store = get_exemption_store()
+        if exemption_store.is_exempted(ip):
+            return  # Don't block exempted IPs
+        
+        store = get_blacklist_store()
+        store.block_ip(ip, reason)
+
+    @staticmethod
+    def is_blocked(ip):
+        """Check if IP is blocked, but respect exemptions"""
+        # First check if IP is exempted - exemptions override blacklist
+        exemption_store = get_exemption_store()
+        if exemption_store.is_exempted(ip):
+            return False  # Exempted IPs are never considered blocked
+        
+        # If not exempted, check blacklist
+        store = get_blacklist_store()
+        return store.is_blocked(ip)
+
+    @staticmethod
+    def all_blocked():
+        store = get_blacklist_store()
+        return store.get_all_blocked_ips()
+    
+    @staticmethod
+    def unblock(ip):
+        store = get_blacklist_store()
+        store.unblock_ip(ip)

aiwaf-0.1.9.0.6/aiwaf/management/commands/add_exemption.py

@@ -0,0 +1,30 @@
+#!/usr/bin/env python3
+
+from django.core.management.base import BaseCommand
+from aiwaf.storage import get_exemption_store
+
+class Command(BaseCommand):
+    help = 'Add IP to exemption list using Django models'
+
+    def add_arguments(self, parser):
+        parser.add_argument('ip', help='IP address to exempt')
+        parser.add_argument('--reason', default='Manual exemption', help='Reason for exemption')
+
+    def handle(self, *args, **options):
+        ip = options['ip']
+        reason = options['reason']
+        
+        self.stdout.write(f"Adding IP {ip} to exemption list...")
+        
+        exemption_store = get_exemption_store()
+        exemption_store.add_exemption(ip, reason)
+        
+        # Verify it was added
+        if exemption_store.is_exempted(ip):
+            self.stdout.write(self.style.SUCCESS(f"✅ Successfully exempted IP: {ip}"))
+        else:
+            self.stdout.write(self.style.ERROR(f"❌ Failed to exempt IP: {ip}"))
+        
+        # Show all exempted IPs
+        all_exempted = exemption_store.get_all_exempted_ips()
+        self.stdout.write(f"\nAll exempted IPs: {all_exempted}")

aiwaf-0.1.9.0.6/aiwaf/management/commands/clear_cache.py

@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+
+from django.core.management.base import BaseCommand
+from django.core.cache import cache
+
+class Command(BaseCommand):
+    help = 'Clear Django cache'
+
+    def handle(self, *args, **options):
+        cache.clear()
+        self.stdout.write(self.style.SUCCESS("✅ Django cache cleared successfully!"))
+        
+        # Also show what was cleared
+        self.stdout.write("🧹 Cleared all cached data including:")
+        self.stdout.write("   - Rate limiting data")
+        self.stdout.write("   - Blacklist cache")
+        self.stdout.write("   - AI anomaly data")
+        self.stdout.write("   - Honeypot timing data")

aiwaf-0.1.9.0.6/aiwaf/management/commands/diagnose_blocking.py

@@ -0,0 +1,96 @@
+#!/usr/bin/env python3
+
+from django.core.management.base import BaseCommand
+from django.core.cache import cache
+from aiwaf.blacklist_manager import BlacklistManager
+from aiwaf.storage import get_exemption_store, get_blacklist_store
+from aiwaf.utils import get_ip
+from django.test import RequestFactory
+
+class Command(BaseCommand):
+    help = 'Comprehensive diagnosis of blocking issues'
+
+    def add_arguments(self, parser):
+        parser.add_argument('--ip', default='97.187.30.95', help='IP address to test')
+        parser.add_argument('--clear-cache', action='store_true', help='Clear Django cache')
+
+    def handle(self, *args, **options):
+        test_ip = options['ip']
+        
+        self.stdout.write(f"\n🔍 Comprehensive Blocking Diagnosis for IP: {test_ip}")
+        self.stdout.write("=" * 60)
+        
+        if options['clear_cache']:
+            cache.clear()
+            self.stdout.write("🧹 Cleared Django cache")
+        
+        # 1. Check exemption status
+        exemption_store = get_exemption_store()
+        is_exempted = exemption_store.is_exempted(test_ip)
+        self.stdout.write(f"1. ✅ IP exempted in storage: {is_exempted}")
+        
+        # 2. Check blacklist status
+        blacklist_store = get_blacklist_store()
+        is_in_blacklist = blacklist_store.is_blocked(test_ip)
+        self.stdout.write(f"2. 🚫 IP in blacklist storage: {is_in_blacklist}")
+        
+        # 3. Check BlacklistManager final decision
+        manager_blocked = BlacklistManager.is_blocked(test_ip)
+        self.stdout.write(f"3. 🎯 BlacklistManager says blocked: {manager_blocked}")
+        
+        # 4. Check Django cache for blacklist entries
+        cache_key = f"blacklist:{test_ip}"
+        cached_value = cache.get(cache_key)
+        self.stdout.write(f"4. 💾 Cache value for blacklist:{test_ip}: {cached_value}")
+        
+        # 5. Test what IP would be detected from a request
+        factory = RequestFactory()
+        
+        # Test different scenarios
+        scenarios = [
+            ("Direct IP", {'REMOTE_ADDR': test_ip}),
+            ("X-Forwarded-For", {'HTTP_X_FORWARDED_FOR': test_ip}),
+            ("X-Real-IP", {'HTTP_X_REAL_IP': test_ip}),
+            ("CloudFlare", {'HTTP_CF_CONNECTING_IP': test_ip}),
+        ]
+        
+        self.stdout.write(f"\n5. 🌐 IP Detection Tests:")
+        for name, meta in scenarios:
+            request = factory.get('/', **meta)
+            detected_ip = get_ip(request)
+            self.stdout.write(f"   {name}: {detected_ip}")
+            if detected_ip == test_ip:
+                self.stdout.write(f"   ✅ Match!")
+            
+        # 6. Check rate limiting cache entries
+        self.stdout.write(f"\n6. 🚦 Rate Limiting Cache Entries:")
+        rate_keys = [
+            f"ratelimit:{test_ip}",
+            f"aiwaf:{test_ip}",
+            f"honeypot_get:{test_ip}"
+        ]
+        
+        for key in rate_keys:
+            value = cache.get(key)
+            if value:
+                self.stdout.write(f"   {key}: {value}")
+            else:
+                self.stdout.write(f"   {key}: None")
+        
+        # 7. Summary
+        self.stdout.write(f"\n📋 SUMMARY:")
+        if is_exempted and not manager_blocked:
+            self.stdout.write(self.style.SUCCESS("✅ IP should NOT be blocked"))
+            if options.get('still_blocked'):
+                self.stdout.write(self.style.WARNING("⚠️  If still blocked, check:"))
+                self.stdout.write("   - Web server logs (nginx, apache)")
+                self.stdout.write("   - Other middleware or security software")
+                self.stdout.write("   - Browser cache/cookies")
+        elif not is_exempted:
+            self.stdout.write(self.style.WARNING(f"⚠️  IP {test_ip} is NOT exempted"))
+        elif manager_blocked:
+            self.stdout.write(self.style.ERROR(f"❌ IP is being blocked despite exemption"))
+        
+        self.stdout.write(f"\n💡 To clear all caches and reset:")
+        self.stdout.write(f"   python manage.py shell -c \"from django.core.cache import cache; cache.clear()\"")
+        self.stdout.write(f"=" * 60)

aiwaf-0.1.9.0.6/aiwaf/management/commands/setup_models.py

@@ -0,0 +1,35 @@
+#!/usr/bin/env python3
+
+from django.core.management.base import BaseCommand
+from django.db import transaction
+
+class Command(BaseCommand):
+    help = 'Create Django database migrations for AI-WAF models (after removing CSV support)'
+
+    def handle(self, *args, **options):
+        self.stdout.write("🔄 Creating AI-WAF database migrations...")
+        
+        try:
+            # Import the management command functions
+            from django.core.management import call_command
+            
+            # Create migrations for aiwaf app
+            self.stdout.write("Creating migrations for aiwaf models...")
+            call_command('makemigrations', 'aiwaf', verbosity=2)
+            
+            # Apply migrations
+            self.stdout.write("Applying migrations...")
+            call_command('migrate', 'aiwaf', verbosity=2)
+            
+            self.stdout.write(self.style.SUCCESS("✅ Successfully created and applied AI-WAF migrations!"))
+            self.stdout.write("")
+            self.stdout.write("🎯 Next steps:")
+            self.stdout.write("1. Add your IP to exemptions: python manage.py add_exemption YOUR_IP")
+            self.stdout.write("2. Test the system: python manage.py diagnose_blocking --ip YOUR_IP")
+            self.stdout.write("3. Clear any old cache: python manage.py clear_cache")
+            
+        except Exception as e:
+            self.stdout.write(self.style.ERROR(f"❌ Error during migration: {e}"))
+            self.stdout.write("You may need to run these commands manually:")
+            self.stdout.write("  python manage.py makemigrations aiwaf")
+            self.stdout.write("  python manage.py migrate aiwaf")

aiwaf-0.1.9.0.6/aiwaf/management/commands/test_exemption.py

@@ -0,0 +1,120 @@
+from django.core.management.base import BaseCommand
+import os
+
+class Command(BaseCommand):
+    help = 'Test AI-WAF exemption functionality step by step'
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            'test_ip',
+            type=str,
+            help='IP address to test exemption for'
+        )
+
+    def handle(self, *args, **options):
+        test_ip = options['test_ip']
+        
+        self.stdout.write(self.style.HTTP_INFO(f"🧪 Testing Exemption for IP: {test_ip}"))
+        self.stdout.write("=" * 50)
+        
+        # Step 1: Check settings
+        from django.conf import settings
+        storage_mode = getattr(settings, 'AIWAF_STORAGE_MODE', 'models')
+        csv_dir = getattr(settings, 'AIWAF_CSV_DATA_DIR', 'aiwaf_data')
+        
+        self.stdout.write(f"Storage Mode: {storage_mode}")
+        self.stdout.write(f"CSV Directory: {csv_dir}")
+        self.stdout.write("")
+        
+        # Step 2: Check storage factory
+        try:
+            from aiwaf.storage import get_exemption_store, EXEMPTION_CSV, CSV_DATA_DIR, STORAGE_MODE
+            exemption_store = get_exemption_store()
+            
+            self.stdout.write(f"Exemption Store Class: {exemption_store.__name__}")
+            self.stdout.write(f"Expected CSV File: {EXEMPTION_CSV}")
+            self.stdout.write(f"CSV Directory: {CSV_DATA_DIR}")
+            self.stdout.write(f"Storage Mode from storage.py: {STORAGE_MODE}")
+            self.stdout.write("")
+            
+        except Exception as e:
+            self.stdout.write(self.style.ERROR(f"❌ Storage import failed: {e}"))
+            return
+        
+        # Step 3: Check file existence
+        if os.path.exists(EXEMPTION_CSV):
+            self.stdout.write(self.style.SUCCESS(f"✅ Exemption CSV exists: {EXEMPTION_CSV}"))
+            
+            # Read and display file contents
+            try:
+                with open(EXEMPTION_CSV, 'r', encoding='utf-8') as f:
+                    content = f.read().strip()
+                    if content:
+                        self.stdout.write(f"📄 File contents:\n{content}")
+                        self.stdout.write("")
+                    else:
+                        self.stdout.write("📄 File is empty")
+                        
+            except Exception as e:
+                self.stdout.write(self.style.ERROR(f"❌ Could not read file: {e}"))
+        else:
+            self.stdout.write(self.style.ERROR(f"❌ Exemption CSV not found: {EXEMPTION_CSV}"))
+            self.stdout.write("Creating test exemption...")
+            
+            # Create the exemption
+            try:
+                exemption_store.add_ip(test_ip, "Test exemption from debug")
+                self.stdout.write(self.style.SUCCESS("✅ Created test exemption"))
+            except Exception as e:
+                self.stdout.write(self.style.ERROR(f"❌ Failed to create exemption: {e}"))
+                return
+        
+        # Step 4: Test exemption check via storage
+        try:
+            is_exempted_storage = exemption_store.is_exempted(test_ip)
+            self.stdout.write(f"Direct storage check: {test_ip} exempted = {is_exempted_storage}")
+        except Exception as e:
+            self.stdout.write(self.style.ERROR(f"❌ Storage exemption check failed: {e}"))
+        
+        # Step 5: Test exemption check via utils function
+        try:
+            from aiwaf.utils import is_ip_exempted
+            is_exempted_utils = is_ip_exempted(test_ip)
+            self.stdout.write(f"Utils function check: {test_ip} exempted = {is_exempted_utils}")
+        except Exception as e:
+            self.stdout.write(self.style.ERROR(f"❌ Utils exemption check failed: {e}"))
+        
+        # Step 6: Test middleware import
+        try:
+            from aiwaf.middleware import IPAndKeywordBlockMiddleware
+            self.stdout.write("✅ Middleware import successful")
+        except Exception as e:
+            self.stdout.write(self.style.ERROR(f"❌ Middleware import failed: {e}"))
+        
+        # Step 7: Test CSV reading manually
+        if os.path.exists(EXEMPTION_CSV):
+            try:
+                import csv
+                self.stdout.write("\n📋 Manual CSV parsing:")
+                with open(EXEMPTION_CSV, 'r', newline='', encoding='utf-8') as f:
+                    reader = csv.DictReader(f)
+                    found = False
+                    for i, row in enumerate(reader):
+                        ip_in_row = row.get('ip_address', 'N/A')
+                        self.stdout.write(f"  Row {i}: ip_address = '{ip_in_row}'")
+                        if ip_in_row == test_ip:
+                            found = True
+                            self.stdout.write(f"  ✅ Found match for {test_ip}")
+                    
+                    if not found:
+                        self.stdout.write(f"  ❌ No match found for {test_ip}")
+                        
+            except Exception as e:
+                self.stdout.write(self.style.ERROR(f"❌ Manual CSV parsing failed: {e}"))
+        
+        self.stdout.write("")
+        self.stdout.write(self.style.HTTP_INFO("💡 Debugging Tips:"))
+        self.stdout.write("1. Check that AIWAF_STORAGE_MODE = 'csv' in settings.py")
+        self.stdout.write("2. Ensure the CSV file has proper headers: ip_address,reason,created_at")
+        self.stdout.write("3. Check file permissions on the CSV directory")
+        self.stdout.write("4. Verify no trailing/leading spaces in IP addresses")

aiwaf-0.1.9.0.6/aiwaf/management/commands/test_exemption_fix.py

@@ -0,0 +1,54 @@
+#!/usr/bin/env python3
+
+from django.core.management.base import BaseCommand
+from aiwaf.blacklist_manager import BlacklistManager
+from aiwaf.storage import get_exemption_store
+
+class Command(BaseCommand):
+    help = 'Test that exempted IPs are properly honored by BlacklistManager'
+
+    def add_arguments(self, parser):
+        parser.add_argument('--ip', default='97.187.30.95', help='IP address to test')
+
+    def handle(self, *args, **options):
+        test_ip = options['ip']
+        
+        self.stdout.write(f"\n=== Testing Exemption Fix for IP: {test_ip} ===")
+        
+        # Check exemption store
+        exemption_store = get_exemption_store()
+        is_exempted = exemption_store.is_exempted(test_ip)
+        self.stdout.write(f"1. Is IP exempted in storage? {is_exempted}")
+        
+        # Test BlacklistManager.block() - should not block exempted IPs
+        self.stdout.write(f"\n2. Testing BlacklistManager.block() on exempted IP...")
+        BlacklistManager.block(test_ip, "Test block attempt")
+        
+        # Check if actually blocked
+        is_blocked = BlacklistManager.is_blocked(test_ip)
+        self.stdout.write(f"3. Is IP blocked after block attempt? {is_blocked}")
+        
+        if is_exempted and not is_blocked:
+            self.stdout.write(self.style.SUCCESS("✅ PASS: Exempted IP was NOT blocked"))
+        elif is_exempted and is_blocked:
+            self.stdout.write(self.style.ERROR("❌ FAIL: Exempted IP was blocked (this should not happen)"))
+        elif not is_exempted:
+            self.stdout.write(self.style.WARNING("⚠️  IP is not exempted, blocking behavior is normal"))
+        
+        # Test with a non-exempted IP to verify blocking still works
+        test_non_exempted = "1.2.3.4"
+        self.stdout.write(f"\n4. Testing with non-exempted IP: {test_non_exempted}")
+        
+        is_exempted_2 = exemption_store.is_exempted(test_non_exempted)
+        self.stdout.write(f"   Is non-exempted IP exempted? {is_exempted_2}")
+        
+        BlacklistManager.block(test_non_exempted, "Test block non-exempted")
+        is_blocked_2 = BlacklistManager.is_blocked(test_non_exempted)
+        self.stdout.write(f"   Is non-exempted IP blocked? {is_blocked_2}")
+        
+        if not is_exempted_2 and is_blocked_2:
+            self.stdout.write(self.style.SUCCESS("✅ PASS: Non-exempted IP was properly blocked"))
+        else:
+            self.stdout.write(self.style.ERROR("❌ FAIL: Non-exempted IP blocking failed"))
+        
+        self.stdout.write(f"\n=== Test Complete ===")