PyPI - aiwaf - Versions diffs - 0.1.9.3.2__tar.gz → 0.1.9.3.4__tar.gz - Mend

aiwaf 0.1.9.3.2tar.gz → 0.1.9.3.4tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of aiwaf might be problematic. Click here for more details.

Files changed (82) hide show

{aiwaf-0.1.9.3.2 → aiwaf-0.1.9.3.4}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aiwaf
-Version: 0.1.9.3.2
+Version: 0.1.9.3.4
 Summary: AI-powered Web Application Firewall
 Home-page: https://github.com/aayushgauba/aiwaf
 Author: Aayush Gauba
@@ -34,6 +34,7 @@ Dynamic: requires-python
 - ✅ **Enhanced Configuration** - `AIWAF_ALLOWED_PATH_KEYWORDS` and `AIWAF_EXEMPT_KEYWORDS`
 - ✅ **Comprehensive HTTP Method Validation** - Blocks GET→POST-only, POST→GET-only, unsupported REST methods
 - ✅ **Enhanced Honeypot Protection** - POST validation & 4-minute page timeout with smart reload detection
+- ✅ **HTTP Header Validation** - Comprehensive bot detection via header analysis and quality scoring
 ---
@@ -113,6 +114,50 @@ aiwaf/
 - **File‑Extension Probing Detection**
   Tracks repeated 404s on common extensions (e.g. `.php`, `.asp`) and blocks IPs.
+- **🆕 HTTP Header Validation**
+  Advanced header analysis to detect bots and malicious requests:
+  - **Missing Required Headers** - Blocks requests without User-Agent or Accept headers
+  - **Suspicious User-Agents** - Detects curl, wget, python-requests, automated tools
+  - **Header Quality Scoring** - Calculates realism score based on browser-standard headers
+  - **Legitimate Bot Whitelist** - Allows Googlebot, Bingbot, and other search engines
+  - **Header Combination Analysis** - Detects impossible combinations (HTTP/2 + old browsers)
+  - **Static File Exemption** - Skips validation for CSS, JS, images
+## 🛡️ Header Validation Middleware Features
+The **HeaderValidationMiddleware** provides advanced bot detection through HTTP header analysis:
+### **What it detects:**
+- **Missing Headers**: Requests without standard browser headers
+- **Suspicious User-Agents**: WordPress scanners, exploit tools, basic scrapers
+- **Bot-like Patterns**: Low header diversity, missing Accept headers
+- **Quality Scoring**: 0-11 point system based on header completeness
+### **What it allows:**
+- **Legitimate Browsers**: Chrome, Firefox, Safari, Edge with full headers
+- **Search Engine Bots**: Google, Bing, DuckDuckGo, Yandex crawlers
+- **API Clients**: Properly identified with good headers
+- **Static Files**: CSS, JS, images (automatically exempted)
+### **Real-world effectiveness:**
+```
+✅ Blocks: WordPress scanners, exploit bots, basic scrapers
+✅ Allows: Real browsers, legitimate bots, API clients
+✅ Quality Score: 10/11 = Legitimate, 2/11 = Suspicious bot
+```
+### **Testing header validation:**
+```bash
+# Test with curl (will be blocked - low quality headers)
+curl http://yoursite.com/
+# Test with browser (will be allowed - high quality headers)
+# Visit site normally in Chrome/Firefox
+# Check logs for header validation blocks
+python manage.py aiwaf_logging --recent
+```
 - **Enhanced Timing-Based Honeypot**
   Advanced GET→POST timing analysis with comprehensive HTTP method validation:
   - Submit forms faster than `AIWAF_MIN_FORM_TIME` seconds (default: 1 second)
@@ -859,7 +904,3 @@ This project is licensed under the **MIT License**. See the [LICENSE](LICENSE) f
 ---
-## Credits
-**AI‑WAF** by [Aayush Gauba](https://github.com/aayushgauba)
-> "Let your firewall learn and evolve — keep your site a fortress." your Django `INSTALLED_APPS` to avoid setup errors.

{aiwaf-0.1.9.3.2 → aiwaf-0.1.9.3.4}/README.md RENAMED Viewed

@@ -11,6 +11,7 @@
 - ✅ **Enhanced Configuration** - `AIWAF_ALLOWED_PATH_KEYWORDS` and `AIWAF_EXEMPT_KEYWORDS`
 - ✅ **Comprehensive HTTP Method Validation** - Blocks GET→POST-only, POST→GET-only, unsupported REST methods
 - ✅ **Enhanced Honeypot Protection** - POST validation & 4-minute page timeout with smart reload detection
+- ✅ **HTTP Header Validation** - Comprehensive bot detection via header analysis and quality scoring
 ---
@@ -90,6 +91,50 @@ aiwaf/
 - **File‑Extension Probing Detection**
   Tracks repeated 404s on common extensions (e.g. `.php`, `.asp`) and blocks IPs.
+- **🆕 HTTP Header Validation**
+  Advanced header analysis to detect bots and malicious requests:
+  - **Missing Required Headers** - Blocks requests without User-Agent or Accept headers
+  - **Suspicious User-Agents** - Detects curl, wget, python-requests, automated tools
+  - **Header Quality Scoring** - Calculates realism score based on browser-standard headers
+  - **Legitimate Bot Whitelist** - Allows Googlebot, Bingbot, and other search engines
+  - **Header Combination Analysis** - Detects impossible combinations (HTTP/2 + old browsers)
+  - **Static File Exemption** - Skips validation for CSS, JS, images
+## 🛡️ Header Validation Middleware Features
+The **HeaderValidationMiddleware** provides advanced bot detection through HTTP header analysis:
+### **What it detects:**
+- **Missing Headers**: Requests without standard browser headers
+- **Suspicious User-Agents**: WordPress scanners, exploit tools, basic scrapers
+- **Bot-like Patterns**: Low header diversity, missing Accept headers
+- **Quality Scoring**: 0-11 point system based on header completeness
+### **What it allows:**
+- **Legitimate Browsers**: Chrome, Firefox, Safari, Edge with full headers
+- **Search Engine Bots**: Google, Bing, DuckDuckGo, Yandex crawlers
+- **API Clients**: Properly identified with good headers
+- **Static Files**: CSS, JS, images (automatically exempted)
+### **Real-world effectiveness:**
+```
+✅ Blocks: WordPress scanners, exploit bots, basic scrapers
+✅ Allows: Real browsers, legitimate bots, API clients
+✅ Quality Score: 10/11 = Legitimate, 2/11 = Suspicious bot
+```
+### **Testing header validation:**
+```bash
+# Test with curl (will be blocked - low quality headers)
+curl http://yoursite.com/
+# Test with browser (will be allowed - high quality headers)
+# Visit site normally in Chrome/Firefox
+# Check logs for header validation blocks
+python manage.py aiwaf_logging --recent
+```
 - **Enhanced Timing-Based Honeypot**
   Advanced GET→POST timing analysis with comprehensive HTTP method validation:
   - Submit forms faster than `AIWAF_MIN_FORM_TIME` seconds (default: 1 second)
@@ -836,7 +881,3 @@ This project is licensed under the **MIT License**. See the [LICENSE](LICENSE) f
 ---
-## Credits
-**AI‑WAF** by [Aayush Gauba](https://github.com/aayushgauba)
-> "Let your firewall learn and evolve — keep your site a fortress." your Django `INSTALLED_APPS` to avoid setup errors.

{aiwaf-0.1.9.3.2 → aiwaf-0.1.9.3.4}/aiwaf/__init__.py RENAMED Viewed

@@ -1,6 +1,6 @@
 default_app_config = "aiwaf.apps.AiwafConfig"
-__version__ = "0.1.9.3.2"
+__version__ = "0.1.9.3.3"
 # Note: Middleware classes are available from aiwaf.middleware
 # Import them only when needed to avoid circular imports during Django app loading

aiwaf 0.1.9.3.2__tar.gz → 0.1.9.3.4__tar.gz

Potentially problematic release.

aiwaf 0.1.9.3.2tar.gz → 0.1.9.3.4tar.gz