Access Control Decorators
Access control decorators allow you to restrict access to specific endpoints based on IP addresses, geographic location, and cloud providers.
IP Address Filtering
Control access based on specific IP addresses or CIDR ranges:
IP Whitelist

    from djangoapi_guard import SecurityDecorator
    from django.http import JsonResponse

    # `config` is the project's security configuration object, defined elsewhere.
    guard_deco = SecurityDecorator(config)

    # Only clients in 192.168.1.0/24 or at 10.0.0.1 may call this view.
    @guard_deco.require_ip(whitelist=["192.168.1.0/24", "10.0.0.1"])
    def internal_endpoint(request):
        return JsonResponse({"message": "Internal network access only"})

IP Blacklist

    @guard_deco.require_ip(blacklist=["203.0.113.0/24", "198.51.100.1"])
    def public_endpoint(request):
        return JsonResponse({"message": "Public access except blocked IPs"})

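Before deploying a whitelist or blacklist, it helps to confirm which client addresses the CIDR entries actually cover. The following is an added example using only the standard library, not djangoapi_guard's own code; `ip_status` is a hypothetical helper, and its rules (a blacklist match denies first, unparseable addresses are denied, IPv4-mapped IPv6 is normalised) are assumptions about sensible behaviour rather than the library's documented semantics.

```python
import ipaddress

# Lists copied from the decorator examples on this page.
WHITELIST = ["192.168.1.0/24", "10.0.0.1"]
BLACKLIST = ["203.0.113.0/24", "198.51.100.1"]


def _networks(entries):
    # A bare address such as "10.0.0.1" parses as a single-host network.
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def _parse_client(raw):
    """Return an ip_address object, or None if the value is not an address."""
    try:
        ip = ipaddress.ip_address(raw.strip())
    except (ValueError, AttributeError):
        return None
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so IPv4 rules still apply.
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def ip_status(raw, whitelist=None, blacklist=None):
    """Hypothetical helper: 200 if the address passes, 403 otherwise.

    Assumed semantics (not taken from the library): a blacklist match
    always denies; if a whitelist is given, only matching addresses pass;
    anything unparseable is denied (fail closed).
    """
    ip = _parse_client(raw)
    if ip is None:
        return 403
    if blacklist and any(ip in n for n in _networks(blacklist)):
        return 403
    if whitelist is not None and not any(ip in n for n in _networks(whitelist)):
        return 403
    return 200


if __name__ == "__main__":
    # Constructed sample client addresses.
    for addr in ["192.168.1.77", "10.0.0.2", "::ffff:192.168.1.5", "bogus"]:
        print(addr, ip_status(addr, whitelist=WHITELIST))
    for addr in ["203.0.113.9", "198.51.100.2"]:
        print(addr, ip_status(addr, blacklist=BLACKLIST))
```

Note that `10.0.0.1` in the whitelist covers exactly one host, so `10.0.0.2` is denied.
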
Geographic Restrictions

Block Specific Countries

    @guard_deco.block_countries(["CN", "RU", "IR", "KP"])
    def compliance_endpoint(request):
        return JsonResponse({"data": "Compliance-restricted content"})

Allow Only Specific Countries

    @guard_deco.allow_countries(["US"])
    def us_only_endpoint(request):
        return JsonResponse({"data": "US-only content"})

Cloud Provider Blocking

    @guard_deco.block_clouds(["AWS", "GCP"])
    def no_clouds_endpoint(request):
        return JsonResponse({"data": "No cloud provider access"})

Bypassing Security Checks

    @guard_deco.bypass(["rate_limit", "ip"])  # Bypass rate limiting and IP checks
    def health_check(request):
        return JsonResponse({"status": "healthy"})

    @guard_deco.bypass(["all"])  # Bypass all security checks
    def public_health_check(request):
        return JsonResponse({"status": "public health endpoint"})

Combining Access Controls

    @guard_deco.require_ip(whitelist=["10.0.0.0/8"])  # Internal network only
    @guard_deco.allow_countries(["US", "CA"])  # North America only
    @guard_deco.block_clouds(["AWS", "GCP"])  # No cloud providers
    def ultra_secure_endpoint(request):
        return JsonResponse({"data": "Maximum security endpoint"})

Error Handling
- 403 Forbidden: IP not in whitelist, IP in blacklist, country blocked, cloud provider detected
Next Steps
- Authentication Decorators - HTTPS and auth requirements
- Rate Limiting Decorators - Custom rate controls
- Behavioral Analysis - Monitor usage patterns
- Content Filtering - Request validation
For complete API reference, see the Access Control API Documentation.