Django library that allows to restrict access (user needs a key) to any django site in a plug-n-play fashion.
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


Django library that allows to restrict access (user needs a key) to any django site in a plug-n-play fashion. You won't need to change any of your current url conf's, user management pr application code, this works completely on the middleware layer.


  • Block your site from anyone who doesn't have correct access url.
  • Once access url is used, current users session allows access access for 1 hour (configurable). Same acess url can be used 2 times (configurable). Access url looks like:
  • Admin url that allows you to create access url's just by opening an url. You define the admin password in Admin url looks like:
  • This is not 100% security solution, but probably sufficient for showing your prototypes to friends or alpha testing your site.
  • If you logout the session in your app, your session becomes invalid (you'll need to use accessurl again).


  • Install with PIP: Install from this repository: pip install -e git+git://
  • Add to installed apps: In add djrestrictaccess to INSTALLED_APPS (needed for the models)
  • Add middleware: In add djrestrictaccess.restrictaccessmoddleware.RestrictAccessMiddleware to end of MIDDLEWARE_CLASSES.
  • Add admin password: In add variable PROTECTED_ADMIN_KEY that is 20 characters as your admin password. For example PROTECTED_ADMIN_KEY = "99999999998888888888"
  • Syncdb: Run python syncdb.

If you did the points above your site should be blocked from visitors who don't have the access url given by you.

Temporary uninstall: Remove the middleware from the MIDDLEWARE_CLASSES


  • Go to where you replace YOUR_20_CHAR_KEY with the key you set in Every time you open this url you get one new access url that can be used to access the site.
  • Access url looks like: that gives anyone that uses it 60min access to site for 2 times.

Access to site blocked without right access url:

Alt text

Access URL is generated by going to admin url:

Alt text

Access is grated when url is used:

Alt text


You can configure many error and status messages by assigning variables in (for example PROTECTED_SITE_NOT_PUBLIC_MSG = "Not allowed". Check protectmiddlewareapp/ to see all configurable variables.

Configurable variables default values (override them in


Configurable messages with default values (override them in

  • PROTECTED_SITE_NOT_PUBLIC_MSG='Site is not public. You need special url to get access.'
  • PROTECTED_ACCESS_GRANTED='You have access for {expiry_hours} hours on this session. You have {sessions_left} sessions left for your access url. Click <a href="/">HERE</a> to get to landing page.'
  • PROTECTED_NEW_ACCESSKEY_CREATED='New Access Key created successfully. This url gives access {access_times} times for {access_hours} hours each. Give this url to anyone who you wish to give access to: <div id="createdUrl">{created_url}</div>'
  • PROTECTED_ACCESS_GRANTED_ALREADY=You have already been granted access. Click <a href="/">HERE</a> to get to landing page.'
  • PROTECTED_ACCESS_EXPIRED='Your access time ran out.'
  • PROTECTED_NO_SESSION='Session not detected. Is the SessionMiddleware in the configuration.'