aiwaf 0.1.9.2.8__tar.gz → 0.1.9.2.9__tar.gz

{aiwaf-0.1.9.2.8 → aiwaf-0.1.9.2.9}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aiwaf
-Version: 0.1.9.2.8
+Version: 0.1.9.2.9
 Summary: AI-powered Web Application Firewall
 Home-page: https://github.com/aayushgauba/aiwaf
 Author: Aayush Gauba
@@ -806,13 +806,25 @@ python manage.py aiwaf_reset --blacklist --confirm
 
 ---
 
-## 📄 License
+## Sponsors
+
+This project is proudly supported by:
+
+<a href="https://www.digitalocean.com/">
+  <img src="https://opensource.nyc3.cdn.digitaloceanspaces.com/attribution/assets/SVG/DO_Logo_horizontal_blue.svg" width="201px">
+</a>
+
+[DigitalOcean](https://www.digitalocean.com/) provides the cloud infrastructure that powers AIWAF development.
+
+---
+
+## License
 
 This project is licensed under the **MIT License**. See the [LICENSE](LICENSE) file for details.
 
 ---
 
-## 👤 Credits
+## Credits
 
 **AI‑WAF** by [Aayush Gauba](https://github.com/aayushgauba)  
-> “Let your firewall learn and evolve — keep your site a fortress.”
+> "Let your firewall learn and evolve — keep your site a fortress." your Django `INSTALLED_APPS` to avoid setup errors.

{aiwaf-0.1.9.2.8 → aiwaf-0.1.9.2.9}/README.md

@@ -783,13 +783,25 @@ python manage.py aiwaf_reset --blacklist --confirm
 
 ---
 
-## 📄 License
+## Sponsors
+
+This project is proudly supported by:
+
+<a href="https://www.digitalocean.com/">
+  <img src="https://opensource.nyc3.cdn.digitaloceanspaces.com/attribution/assets/SVG/DO_Logo_horizontal_blue.svg" width="201px">
+</a>
+
+[DigitalOcean](https://www.digitalocean.com/) provides the cloud infrastructure that powers AIWAF development.
+
+---
+
+## License
 
 This project is licensed under the **MIT License**. See the [LICENSE](LICENSE) file for details.
 
 ---
 
-## 👤 Credits
+## Credits
 
 **AI‑WAF** by [Aayush Gauba](https://github.com/aayushgauba)  
-> “Let your firewall learn and evolve — keep your site a fortress.”
+> "Let your firewall learn and evolve — keep your site a fortress." your Django `INSTALLED_APPS` to avoid setup errors.

{aiwaf-0.1.9.2.8 → aiwaf-0.1.9.2.9}/aiwaf/__init__.py

@@ -1,6 +1,6 @@
 default_app_config = "aiwaf.apps.AiwafConfig"
 
-__version__ = "0.1.9.2.8"
+__version__ = "0.1.9.2.9"
 
 # Note: Middleware classes are available from aiwaf.middleware
 # Import them only when needed to avoid circular imports during Django app loading

aiwaf-0.1.9.2.9/aiwaf/management/commands/detect_and_train.py

@@ -0,0 +1,22 @@
+from django.core.management.base import BaseCommand
+from aiwaf.trainer import train
+
+class Command(BaseCommand):
+    help = "Run AI‑WAF detect & retrain"
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            '--disable-ai',
+            action='store_true',
+            help='Disable AI model training, only perform keyword learning'
+        )
+
+    def handle(self, *args, **options):
+        disable_ai = options.get('disable_ai', False)
+        
+        if disable_ai:
+            self.stdout.write(self.style.WARNING("AI model training disabled - keyword learning only"))
+        
+        train(disable_ai=disable_ai)
+        self.stdout.write(self.style.SUCCESS("Done."))
+

{aiwaf-0.1.9.2.8 → aiwaf-0.1.9.2.9}/aiwaf/management/commands/regenerate_model.py

@@ -11,6 +11,11 @@ class Command(BaseCommand):
             action='store_true',
             help='Force regeneration even if model exists',
         )
+        parser.add_argument(
+            '--disable-ai',
+            action='store_true',
+            help='Disable AI model training, only perform keyword learning'
+        )
 
     def handle(self, *args, **options):
         self.stdout.write(self.style.HTTP_INFO("🔄 AI-WAF Model Regeneration"))
@@ -58,16 +63,28 @@ class Command(BaseCommand):
             self.stdout.write("Regenerating model to fix version compatibility...")
         
         # Regenerate model
-        self.stdout.write("🚀 Starting model training...")
+        disable_ai = options.get('disable_ai', False)
+        
+        if disable_ai:
+            self.stdout.write("� AI model training disabled - keyword learning only")
+            self.stdout.write("🚀 Starting keyword training...")
+        else:
+            self.stdout.write("�🚀 Starting model training...")
         
         try:
             from aiwaf.trainer import train
-            train()
-            self.stdout.write("")
-            self.stdout.write(self.style.SUCCESS("✅ Model regenerated successfully!"))
+            train(disable_ai=disable_ai)
             self.stdout.write("")
-            self.stdout.write("The model is now compatible with your current scikit-learn version.")
-            self.stdout.write("Version warnings should no longer appear.")
+            
+            if disable_ai:
+                self.stdout.write(self.style.SUCCESS("✅ Keyword training completed successfully!"))
+                self.stdout.write("")
+                self.stdout.write("Keyword-based protection is now active.")
+            else:
+                self.stdout.write(self.style.SUCCESS("✅ Model regenerated successfully!"))
+                self.stdout.write("")
+                self.stdout.write("The model is now compatible with your current scikit-learn version.")
+                self.stdout.write("Version warnings should no longer appear.")
             
         except Exception as e:
             self.stdout.write("")

{aiwaf-0.1.9.2.8 → aiwaf-0.1.9.2.9}/aiwaf/middleware.py

@@ -32,6 +32,12 @@ def load_model_safely():
     import warnings
     import sklearn
     
+    # Check if AI is disabled globally
+    ai_disabled = getattr(settings, "AIWAF_DISABLE_AI", False)
+    if ai_disabled:
+        print("AI functionality disabled via AIWAF_DISABLE_AI setting")
+        return None
+    
     try:
         # Suppress sklearn version warnings temporarily
         with warnings.catch_warnings():
@@ -46,13 +52,13 @@ def load_model_safely():
                 current_version = sklearn.__version__
                 
                 if stored_version != current_version:
-                    print(f"ℹ️  Model was trained with sklearn v{stored_version}, current v{current_version}")
+                    print(f"Model was trained with sklearn v{stored_version}, current v{current_version}")
                     print("   Run 'python manage.py detect_and_train' to update model if needed.")
                 
                 return model
             else:
                 # Old format - direct model object
-                print("ℹ️  Using legacy model format. Consider retraining for better compatibility.")
+                print("Using legacy model format. Consider retraining for better compatibility.")
                 return model_data
                 
     except Exception as e:

{aiwaf-0.1.9.2.8 → aiwaf-0.1.9.2.9}/aiwaf/storage.py

@@ -19,7 +19,6 @@ def _import_models():
     
     if FeatureSample is not None:
         return  # Already imported
-    
     try:
         from django.apps import apps
         if apps.ready:
@@ -84,7 +83,6 @@ class ModelFeatureStore:
             if df.empty:
                 return df
             
-            # Ensure proper column order and types
             feature_cols = ['path_len', 'kw_hits', 'resp_time', 'status_idx', 'burst_count', 'total_404']
             for col in feature_cols:
                 if col in df.columns:
@@ -292,12 +290,12 @@ class ModelKeywordStore:
         """Add a keyword to the dynamic keyword list"""
         _import_models()
         if DynamicKeyword is None:
-            # Use fallback storage
+            # Use fallback storage when Django models not available
             ModelKeywordStore._load_fallback_keywords()
             _fallback_keywords[keyword] += count
             ModelKeywordStore._save_fallback_keywords()
             import sys
-            print(f"Warning: Using fallback storage for keyword '{keyword}' - Django models not available.", file=sys.stderr)
+            print(f"Info: Using fallback storage for keyword '{keyword}' - Django models not available.", file=sys.stderr)
             return
         try:
             obj, created = DynamicKeyword.objects.get_or_create(keyword=keyword)
@@ -372,6 +370,18 @@ class ModelKeywordStore:
         except Exception as e:
             print(f"Error resetting keywords: {e}")
 
+    def add_keyword_for_route(self, route, keyword, count=1):
+        """Add a keyword for a specific route (fallback method)"""
+        # For now, just use the general add_keyword method
+        # In a full implementation, this would handle route-specific storage
+        return ModelKeywordStore.add_keyword(keyword, count)
+    
+    def get_keywords_for_route(self, route):
+        """Get keywords for a specific route (fallback method)"""
+        # For now, return all keywords
+        # In a full implementation, this would return route-specific keywords
+        return ModelKeywordStore.get_all_keywords()
+
 # Factory functions that only return Django model stores
 def get_feature_store():
     """Get the feature store (Django models only)"""

{aiwaf-0.1.9.2.8 → aiwaf-0.1.9.2.9}/aiwaf/trainer.py

@@ -3,13 +3,10 @@ import glob
 import gzip
 import re
 import joblib
-
 from datetime import datetime
 from collections import defaultdict, Counter
-
 import pandas as pd
 from sklearn.ensemble import IsolationForest
-
 from django.conf import settings
 from django.apps import apps
 from django.db.models import F
@@ -409,9 +406,16 @@ def _is_malicious_context_trainer(path: str, keyword: str, status: str = "404")
     return any(malicious_indicators)
 
 
-def train() -> None:
-    """Enhanced training with improved keyword filtering and exemption handling"""
-    print("🚀 Starting AIWAF enhanced training...")
+def train(disable_ai=False) -> None:
+    """Enhanced training with improved keyword filtering and exemption handling
+    
+    Args:
+        disable_ai (bool): If True, skip AI model training and only do keyword learning
+    """
+    print("Starting AIWAF enhanced training...")
+    
+    if disable_ai:
+        print("AI model training disabled - keyword learning only")
     
     # Remove exempt keywords first
     remove_exempt_keywords()
@@ -421,7 +425,7 @@ def train() -> None:
     
     exempted_ips = [entry['ip_address'] for entry in exemption_store.get_all()]
     if exempted_ips:
-        print(f"🛡️  Found {len(exempted_ips)} exempted IPs - clearing from blacklist")
+        print(f"Found {len(exempted_ips)} exempted IPs - clearing from blacklist")
         for ip in exempted_ips:
             BlacklistManager.unblock(ip)
     
@@ -484,85 +488,100 @@ def train() -> None:
         })
 
     if not feature_dicts:
-        print("⚠️ Nothing to train on – no valid log entries.")
+        print(" Nothing to train on – no valid log entries.")
         return
 
-    df = pd.DataFrame(feature_dicts)
-    feature_cols = [c for c in df.columns if c != "ip"]
-    X = df[feature_cols].astype(float).values
-    model = IsolationForest(
-        contamination=getattr(settings, "AIWAF_AI_CONTAMINATION", 0.05), 
-        random_state=42
-    )
-    
-    # Suppress sklearn warnings during training
-    import warnings
-    with warnings.catch_warnings():
-        warnings.filterwarnings("ignore", category=UserWarning, module="sklearn")
-        model.fit(X)
-
-    os.makedirs(os.path.dirname(MODEL_PATH), exist_ok=True)
-    
-    # Save model with version metadata
-    import sklearn
-    from django.utils import timezone as django_timezone
-    model_data = {
-        'model': model,
-        'sklearn_version': sklearn.__version__,
-        'created_at': str(django_timezone.now()),
-        'feature_count': len(feature_cols),
-        'samples_count': len(X)
-    }
-    joblib.dump(model_data, MODEL_PATH)
-    print(f"✅ Model trained on {len(X)} samples → {MODEL_PATH}")
-    print(f"📦 Created with scikit-learn v{sklearn.__version__}")
-    
-    # Check for anomalies and intelligently decide which IPs to block
-    preds = model.predict(X)
-    anomalous_ips = set(df.loc[preds == -1, "ip"])
-    
-    if anomalous_ips:
-        print(f"⚠️  Detected {len(anomalous_ips)} potentially anomalous IPs during training")
-        
-        exemption_store = get_exemption_store()
-        blacklist_store = get_blacklist_store()
-        blocked_count = 0
+    # AI Model Training (optional)
+    blocked_count = 0
+    if not disable_ai:
+        print(" Training AI anomaly detection model...")
         
-        for ip in anomalous_ips:
-            # Skip if IP is exempted
-            if exemption_store.is_exempted(ip):
-                continue
+        try:
+            df = pd.DataFrame(feature_dicts)
+            feature_cols = [c for c in df.columns if c != "ip"]
+            X = df[feature_cols].astype(float).values
+            model = IsolationForest(
+                contamination=getattr(settings, "AIWAF_AI_CONTAMINATION", 0.05), 
+                random_state=42
+            )
             
-            # Get this IP's behavior from the data
-            ip_data = df[df["ip"] == ip]
+            # Suppress sklearn warnings during training
+            import warnings
+            with warnings.catch_warnings():
+                warnings.filterwarnings("ignore", category=UserWarning, module="sklearn")
+                model.fit(X)
+
+            os.makedirs(os.path.dirname(MODEL_PATH), exist_ok=True)
             
-            # Criteria to determine if this is likely a legitimate user vs threat:
-            avg_kw_hits = ip_data["kw_hits"].mean()
-            max_404s = ip_data["total_404"].max()
-            avg_burst = ip_data["burst_count"].mean()
-            total_requests = len(ip_data)
+            # Save model with version metadata
+            import sklearn
+            from django.utils import timezone as django_timezone
+            model_data = {
+                'model': model,
+                'sklearn_version': sklearn.__version__,
+                'created_at': str(django_timezone.now()),
+                'feature_count': len(feature_cols),
+                'samples_count': len(X)
+            }
+            joblib.dump(model_data, MODEL_PATH)
+            print(f"Model trained on {len(X)} samples → {MODEL_PATH}")
+            print(f"Created with scikit-learn v{sklearn.__version__}")
             
-            # Don't block if it looks like legitimate behavior:
-            if (
-                avg_kw_hits < 2 and           # Not hitting many malicious keywords
-                max_404s < 10 and            # Not excessive 404s
-                avg_burst < 15 and           # Not excessive burst activity
-                total_requests < 100         # Not excessive total requests
-            ):
-                print(f"   - {ip}: Anomalous but looks legitimate (kw:{avg_kw_hits:.1f}, 404s:{max_404s}, burst:{avg_burst:.1f}) - NOT blocking")
-                continue
+            # Check for anomalies and intelligently decide which IPs to block
+            preds = model.predict(X)
+            anomalous_ips = set(df.loc[preds == -1, "ip"])
             
-            # Block if it shows clear signs of malicious behavior
-            BlacklistManager.block(ip, f"AI anomaly + suspicious patterns (kw:{avg_kw_hits:.1f}, 404s:{max_404s}, burst:{avg_burst:.1f})")
-            blocked_count += 1
-            print(f"   - {ip}: Blocked for suspicious behavior (kw:{avg_kw_hits:.1f}, 404s:{max_404s}, burst:{avg_burst:.1f})")
+            if anomalous_ips:
+                print(f"Detected {len(anomalous_ips)} potentially anomalous IPs during training")
+                
+                exemption_store = get_exemption_store()
+                blacklist_store = get_blacklist_store()
+                
+                for ip in anomalous_ips:
+                    # Skip if IP is exempted
+                    if exemption_store.is_exempted(ip):
+                        continue
+                    
+                    # Get this IP's behavior from the data
+                    ip_data = df[df["ip"] == ip]
+                    
+                    # Criteria to determine if this is likely a legitimate user vs threat:
+                    avg_kw_hits = ip_data["kw_hits"].mean()
+                    max_404s = ip_data["total_404"].max()
+                    avg_burst = ip_data["burst_count"].mean()
+                    total_requests = len(ip_data)
+                    
+                    # Don't block if it looks like legitimate behavior:
+                    if (
+                        avg_kw_hits < 2 and           # Not hitting many malicious keywords
+                        max_404s < 10 and            # Not excessive 404s
+                        avg_burst < 15 and           # Not excessive burst activity
+                        total_requests < 100         # Not excessive total requests
+                    ):
+                        print(f"   - {ip}: Anomalous but looks legitimate (kw:{avg_kw_hits:.1f}, 404s:{max_404s}, burst:{avg_burst:.1f}) - NOT blocking")
+                        continue
+                    
+                    # Block if it shows clear signs of malicious behavior
+                    BlacklistManager.block(ip, f"AI anomaly + suspicious patterns (kw:{avg_kw_hits:.1f}, 404s:{max_404s}, burst:{avg_burst:.1f})")
+                    blocked_count += 1
+                    print(f"   - {ip}: Blocked for suspicious behavior (kw:{avg_kw_hits:.1f}, 404s:{max_404s}, burst:{avg_burst:.1f})")
+                
+                print(f"   → Blocked {blocked_count}/{len(anomalous_ips)} anomalous IPs (others looked legitimate)")
         
-        print(f"   → Blocked {blocked_count}/{len(anomalous_ips)} anomalous IPs (others looked legitimate)")
+        except ImportError as e:
+            print(f"AI model training failed - missing dependencies: {e}")
+            print("   Continuing with keyword learning only...")
+        except Exception as e:
+            print(f"AI model training failed: {e}")
+            print("   Continuing with keyword learning only...")
+    else:
+        print("AI model training skipped (disabled)")
+        df = pd.DataFrame(feature_dicts)  # Still need df for some operations
 
     tokens = Counter()
     legitimate_keywords = get_legitimate_keywords()
     
-    print(f"🔍 Learning keywords from {len(parsed)} parsed requests...")
+    print(f"Learning keywords from {len(parsed)} parsed requests...")
     
     for r in parsed:
         # Only learn from suspicious requests (errors on non-existent paths)
@@ -603,22 +622,35 @@ def train() -> None:
             learned_from_paths.extend(example_paths[:2])  # Track first 2 example paths
     
     if filtered_tokens:
-        print(f"📝 Added {len(filtered_tokens)} suspicious keywords: {[kw for kw, _ in filtered_tokens]}")
-        print(f"🎯 Example malicious paths learned from: {learned_from_paths[:5]}")  # Show first 5
+        print(f"Added {len(filtered_tokens)} suspicious keywords: {[kw for kw, _ in filtered_tokens]}")
+        print(f"Example malicious paths learned from: {learned_from_paths[:5]}")  # Show first 5
     else:
-        print("✅ No new suspicious keywords learned (good sign!)")
+        print("No new suspicious keywords learned (good sign!)")
     
-    print(f"🎯 Smart keyword learning complete. Excluded {len(legitimate_keywords)} legitimate keywords.")
-    print(f"🔒 Used malicious context analysis to filter out false positives.")
+    print(f"Smart keyword learning complete. Excluded {len(legitimate_keywords)} legitimate keywords.")
+    print(f"Used malicious context analysis to filter out false positives.")
     
     # Training summary
     print("\n" + "="*60)
-    print("🎉 AIWAF ENHANCED TRAINING COMPLETE")
+    if disable_ai:
+        print("AIWAF KEYWORD-ONLY TRAINING COMPLETE")
+    else:
+        print("AIWAF ENHANCED TRAINING COMPLETE")
     print("="*60)
-    print(f"📊 Training Data: {len(parsed)} log entries processed")
-    print(f"🤖 AI Model: Trained with {len(feature_cols)} features")
-    print(f"🚫 Blocked IPs: {blocked_count if 'blocked_count' in locals() else 0} suspicious IPs blocked")
-    print(f"🔑 Keywords: {len(filtered_tokens)} new suspicious keywords learned")
-    print(f"🛡️  Exemptions: {len(exempted_ips)} IPs protected from blocking")
-    print(f"✅ Enhanced protection now active with context-aware filtering!")
+    print(f"Training Data: {len(parsed)} log entries processed")
+    
+    if not disable_ai:
+        print(f"AI Model: Trained with {len(feature_cols) if 'feature_cols' in locals() else 'N/A'} features")
+        print(f"Blocked IPs: {blocked_count} suspicious IPs blocked")
+    else:
+        print(f"AI Model: Disabled (keyword learning only)")
+        print(f"Blocked IPs: 0 (AI blocking disabled)")
+        
+    print(f"Keywords: {len(filtered_tokens)} new suspicious keywords learned")
+    print(f"Exemptions: {len(exempted_ips)} IPs protected from blocking")
+    
+    if disable_ai:
+        print(f"Keyword-based protection now active with context-aware filtering!")
+    else:
+        print(f"Enhanced protection now active with context-aware filtering!")
     print("="*60)

{aiwaf-0.1.9.2.8 → aiwaf-0.1.9.2.9}/aiwaf.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aiwaf
-Version: 0.1.9.2.8
+Version: 0.1.9.2.9
 Summary: AI-powered Web Application Firewall
 Home-page: https://github.com/aayushgauba/aiwaf
 Author: Aayush Gauba
@@ -806,13 +806,25 @@ python manage.py aiwaf_reset --blacklist --confirm
 
 ---
 
-## 📄 License
+## Sponsors
+
+This project is proudly supported by:
+
+<a href="https://www.digitalocean.com/">
+  <img src="https://opensource.nyc3.cdn.digitaloceanspaces.com/attribution/assets/SVG/DO_Logo_horizontal_blue.svg" width="201px">
+</a>
+
+[DigitalOcean](https://www.digitalocean.com/) provides the cloud infrastructure that powers AIWAF development.
+
+---
+
+## License
 
 This project is licensed under the **MIT License**. See the [LICENSE](LICENSE) file for details.
 
 ---
 
-## 👤 Credits
+## Credits
 
 **AI‑WAF** by [Aayush Gauba](https://github.com/aayushgauba)  
-> “Let your firewall learn and evolve — keep your site a fortress.”
+> "Let your firewall learn and evolve — keep your site a fortress." your Django `INSTALLED_APPS` to avoid setup errors.

{aiwaf-0.1.9.2.8 → aiwaf-0.1.9.2.9}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "aiwaf"
-version = "0.1.9.2.8"
+version = "0.1.9.2.9"
 description = "AI-powered Web Application Firewall"
 readme = "README.md"
 requires-python = ">=3.8"

{aiwaf-0.1.9.2.8 → aiwaf-0.1.9.2.9}/setup.py

@@ -9,7 +9,7 @@ long_description = (HERE / "README.md").read_text(encoding="utf-8")
 
 setup(
     name="aiwaf",
-    version="0.1.9.2.8",
+    version="0.1.9.2.9",
     description="AI‑driven, self‑learning Web Application Firewall for Django",
     long_description=long_description,
     long_description_content_type="text/markdown",

aiwaf-0.1.9.2.8/aiwaf/management/commands/detect_and_train.py

@@ -1,10 +0,0 @@
-from django.core.management.base import BaseCommand
-from aiwaf.trainer import train
-
-class Command(BaseCommand):
-    help = "Run AI‑WAF detect & retrain"
-
-    def handle(self, *args, **options):
-        train()
-        self.stdout.write(self.style.SUCCESS("Done."))
-