skip to navigation
skip to content

stopforumspam 1.8

Django middleware for blocking IPs listed in

Tired of comment spam, form spam and dumb crawlers? A django application that provides middleware for blocking IPs listed in’s database. It only reacts on POST requests, so don’t worry about a huge table of rules having to be passed at every request. It’s quite painless.

A simple management command is provided for updating the database from sfsupdate [--force]

Using this command, all IPs are stored in Django models, and using django-admin, it’s possible to add your own extra IP addresses on a permanent database.


  • Django 1.7+
  • Python 2.7 and 3+


  1. Install the latest release from pypi:

    sudo pip install stopforumspam
  2. Add this to settings.MIDDLEWARE_CLASSES:

  3. Then add this to INSTALLED_APPS:

  4. And run:

    python syncdb
  5. To insert all the IPs run this command, which you should make a cronjob (run it every 24h):

    python sfsupdate


The following options exist for your project’s file:

To check ALL POST requests:


To ignore some URLS:

SFS_URLS_IGNORE = ["url_name", "/url/path"]

To only include some URLS (only works if SFS_ALL_POST_REQUEST=False):

SFS_URLS_INCLUDE = ["url_name", "/url/path"]

If your application is behind a set of proxy, you can use a specific HTTP Header as a source of the client IP:

SFS_HTTP_HEADER = "X-Forwarded-For"

Synching with

Be nice to their servers and remember that they have strict enforcements on the files that they offer. So before you start testing, you could consider using a local file as a test.

To configure where to download the file from (you can MAX download 2 times a day) - see for more resources:


But you should really use a local file if you have more than 1 Django project with stopforumspam running from the same IP address. To do this, use a local protocol:

SFS_SOURCE_ZIP = "file:///path/to/"

You can control how often at most the update should be performed:


…and how long back the log should remember the rejection of POSTS and IPs:

SFS_LOG_EXPIRE = 1 #days

Remember to configure this as well – it’s the name of the file inside the .zip file:

SFS_ZIP_FILENAME = "listed_ip_7.txt"

For testing you can force all requests to be checked:


Cron Jobs

You probably want to automatically update the list of blocked IP addresses every 24 hours or 48 hours. To do that, you can insert a line in crontab:

0 2 * * * python /your/project/path/ sfsupdate -q

The above would update at 2 AM every night. If you have several projects and sync them with a local file, you can add:

0 2 * * * wget -O /tmp/ ; python /your/project/path/ sfsupdate -q
File Type Py Version Uploaded on Size
stopforumspam-1.8-py2.py3-none-any.whl (md5, pgp) Python Wheel py2.py3 2017-05-09 9KB
stopforumspam-1.8.tar.gz (md5, pgp) Source 2017-05-09 6KB