duck.http.middlewares.security.header

Module for header middlewares.

Module Contents

Classes

HeaderInjectionMiddleware

Middleware that mitigates several header injection attacks: Potential Session Fixation (Multiple Cookies), XSS (Script Tag Detected), Potential Open Redirect (External URL) and Potential Cache Poisoning (Anti-Caching Headers).

HostMiddleware

Middleware that guards against requests from unknown sources and other Host header issues.

Functions

is_valid_host

Super-fast validation of hostname or IP address, optionally with a port. Returns a tuple (is_valid, message).

Data

HOSTNAME_LABEL_RE

MAX_HOSTNAME_LENGTH

API

duck.http.middlewares.security.header.HOSTNAME_LABEL_RE

‘compile(…)’

class duck.http.middlewares.security.header.HeaderInjectionMiddleware

Bases: duck.http.middlewares.BaseMiddleware

Middleware that mitigates several header injection attacks: Potential Session Fixation (Multiple Cookies), XSS (Script Tag Detected), Potential Open Redirect (External URL) and Potential Cache Poisoning (Anti-Caching Headers).

debug_message: str

‘HeaderInjectionMiddleware: Potential header injection’

classmethod get_error_response(request)

classmethod process_request(request)

class duck.http.middlewares.security.header.HostMiddleware

Bases: duck.http.middlewares.BaseMiddleware

Middleware that guards against requests from unknown sources and other Host header issues.

allowed_hosts

None

debug_message: str

‘HostMiddleware: Host invalid/unrecognized’

classmethod get_error_response(request)

classmethod process_request(request)

duck.http.middlewares.security.header.MAX_HOSTNAME_LENGTH

253

duck.http.middlewares.security.header.is_valid_host(host)

Super-fast validation of hostname or IP address, optionally with a port. Returns a tuple (is_valid, message).
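The sketch below is an added example, not Duck's own implementation. It shows the checks a Host validator of this shape typically performs before an allow-list lookup such as the one `HostMiddleware.allowed_hosts` implies. The names `check_host`, `host_allowed` and `LABEL_RE`, the label pattern and the message strings are assumptions; only the 253-character limit comes from this page.

```python
import ipaddress
import re

MAX_HOSTNAME_LENGTH = 253  # value documented on this page
# Assumed label pattern; the page elides the real HOSTNAME_LABEL_RE.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def check_host(host):
    """Validate a Host header value; return (is_valid, message)."""
    if not host or any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in host):
        return False, "empty value or whitespace/control character"
    if host.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:8000
        addr, closed, rest = host[1:].partition("]")
        try:
            ipaddress.IPv6Address(addr)
        except ValueError:
            return False, "invalid IPv6 literal"
        if not closed or (rest and not rest.startswith(":")):
            return False, "malformed IPv6 literal"
        name, port = None, (rest[1:] if rest else None)
    elif ":" in host:
        name, _, port = host.rpartition(":")
    else:
        name, port = host, None
    if port is not None and not (port.isascii() and port.isdigit()
                                 and len(port) <= 5 and 0 < int(port) <= 65535):
        return False, "invalid port"
    if name is None:
        return True, "ok"
    if len(name) > MAX_HOSTNAME_LENGTH:
        return False, "hostname too long"
    labels = name.split(".")
    if labels[-1].isdigit():  # numeric last label: must be a real IPv4 address
        try:
            ipaddress.IPv4Address(name)
        except ValueError:
            return False, "invalid IPv4 address"
        return True, "ok"
    if not all(LABEL_RE.fullmatch(label) for label in labels):
        return False, "invalid hostname label"
    return True, "ok"


def host_allowed(host, allowed_hosts):
    """True only if host is well formed and its name (port stripped) is allow-listed."""
    if not check_host(host)[0]:
        return False
    name = host.rpartition("]")[0] + "]" if host.startswith("[") else host.partition(":")[0]
    return name.lower() in {h.lower() for h in allowed_hosts}
```

Rejecting whitespace and control characters before any parsing means a value carrying CR/LF never reaches the allow-list comparison or a reflected response header.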