
Penetration Detection

DjangoAPI Guard includes sophisticated penetration attempt detection to identify and block malicious requests.


Basic Configuration

GUARD_SECURITY_CONFIG = SecurityConfig(
    enable_penetration_detection=True,
    auto_ban_threshold=5,
    auto_ban_duration=3600,
    detection_compiler_timeout=2.0,
    detection_max_content_length=10000,
    detection_preserve_attack_patterns=True,
    detection_semantic_threshold=0.7,
)

Detection Patterns

The system checks for: SQL Injection, XSS, Command Injection, Path Traversal, Template Injection, HTTP Response Splitting, LDAP Injection, XML Injection, NoSQL Injection, and File Upload attacks.


Custom Detection Logic

from guard_core.sync.utils import detect_penetration_attempt
from django.http import JsonResponse

def submit_data(request):
    is_suspicious, trigger_info = detect_penetration_attempt(request)
    if is_suspicious:
        return JsonResponse({"error": f"Suspicious activity detected: {trigger_info}"}, status=400)
    return JsonResponse({"status": "success"})

Passive Mode

GUARD_SECURITY_CONFIG = SecurityConfig(
    enable_penetration_detection=True,
    passive_mode=True,  # Don't block, just log
)
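The view under Custom Detection Logic returns trigger_info to the caller. The added example below (not DjangoAPI Guard's own code) shows a variant that keeps the trigger detail in server logs, hands the client only an opaque incident ID, and supports a log-only switch in the spirit of passive_mode. The names handle_detection, clean_for_log, passive and fake_detect are assumptions of this example; only the (is_suspicious, trigger_info) return shape comes from the page.

```python
import logging
import uuid

log = logging.getLogger("guard.custom")


def clean_for_log(value, limit=200):
    """Keep detector output on one bounded log line (escape CR/LF, truncate)."""
    text = str(value).replace("\r", "\\r").replace("\n", "\\n")
    return text[:limit]


def handle_detection(request, detect, passive=False):
    """Return (status, body) for a request checked with `detect`.

    `detect` must return (is_suspicious, trigger_info), the shape used by
    detect_penetration_attempt on this page. `passive` is this example's
    own flag: log the hit but let the request through.
    """
    is_suspicious, trigger_info = detect(request)
    if not is_suspicious:
        return 200, {"status": "success"}

    incident_id = uuid.uuid4().hex[:12]
    # Trigger detail can contain request content, so it is escaped and
    # stays server-side; the response carries only a reference.
    log.warning("penetration attempt id=%s passive=%s trigger=%s",
                incident_id, passive, clean_for_log(trigger_info))
    if passive:
        return 200, {"status": "success"}
    return 400, {"error": "Request rejected", "incident_id": incident_id}


# Constructed stand-in detector so the example runs without Django installed.
def fake_detect(request):
    body = request.get("body", "")
    if "' OR 1=1" in body:
        return True, "SQL injection pattern in body:\n" + body
    return False, ""


# In a Django view (assumed wiring):
#   status, body = handle_detection(request, detect_penetration_attempt)
#   return JsonResponse(body, status=status)
```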
