Django library that lets you restrict access (the user needs a key) to any Django site in a plug-n-play fashion.


Django library that lets you restrict access (the user needs a key) to any Django site in a plug-n-play fashion. You won't need to change any of your current URL confs, user management or application code; this works entirely on the middleware layer.


  • Block your site from anyone who doesn't have the correct access url.
  • Once an access url is used, the current user's session is allowed access for 1 hour (configurable). The same access url can be used 2 times (configurable). Access url looks like:
  • Admin url that allows you to create access urls just by opening a url. You define the admin password in Admin url looks like:
  • This is not a 100% secure solution, but probably sufficient for showing your prototypes to friends or alpha testing your site.
  • If you log out of the session in your app, your session becomes invalid (you'll need to use the access url again).


  • Install with PIP: Install from this repository: pip install -e git+git://
  • Add to installed apps: In add djrestrictaccess to INSTALLED_APPS (needed for the models)
  • Add middleware: In add djrestrictaccess.restrictaccessmoddleware.RestrictAccessMiddleware to end of MIDDLEWARE_CLASSES.
  • Add admin password: In add variable PROTECTED_ADMIN_KEY that is 20 characters as your admin password. For example PROTECTED_ADMIN_KEY = "99999999998888888888"
  • Syncdb: Run python syncdb.

If you completed the steps above, your site should be blocked from visitors who don't have the access url given by you.

Temporary uninstall: Remove the middleware from the MIDDLEWARE_CLASSES


  • Go to where you replace YOUR_20_CHAR_KEY with the key you set in Every time you open this url you get one new access url that can be used to access the site.
  • Access url looks like: that gives anyone who uses it 60 min of access to the site, for 2 times.
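
The rules described above (admin key creates an access url, each url works 2 times, each use gives the session 1 hour, logout ends access), written out as a small model. This is an added sketch, not the library's own code: the function names, the in-memory `keys` dict and the plain-dict session are hypothetical stand-ins, and only the defaults come from this page.

```python
import hmac
import secrets
import time

ADMIN_KEY = secrets.token_hex(10)   # 20 random hex characters (constructed sample)
ACCESS_SECONDS = 60 * 60            # 1 hour per session, the default described above
ACCESS_TIMES = 2                    # each access url works 2 times by default

keys = {}  # access key -> uses left (hypothetical stand-in for the database model)


def create_access_key(admin_key):
    """Admin step: return a new access key, or None if the admin key is wrong."""
    # compare_digest avoids leaking how many leading characters matched
    if not hmac.compare_digest(admin_key.encode(), ADMIN_KEY.encode()):
        return None
    key = secrets.token_urlsafe(16)
    keys[key] = ACCESS_TIMES
    return key


def use_access_key(session, key, now=None):
    """Visitor opens the access url: consume one use and start the session timer."""
    now = time.time() if now is None else now
    if keys.get(key, 0) <= 0:
        return False                 # unknown key, or all uses already spent
    keys[key] -= 1
    session["access_expires"] = now + ACCESS_SECONDS
    return True


def is_allowed(session, now=None):
    """Per-request check: only sessions with an unexpired grant get through."""
    now = time.time() if now is None else now
    return session.get("access_expires", 0) > now


def logout(session):
    """Flushing the session drops the grant, so the access url is needed again."""
    session.clear()
```

Because both the admin key and the access key travel in the URL, they end up in server logs and browser history, so a random admin key and short-lived access keys matter here.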

Screenshots (images not included here):

  • Access to the site is blocked without the right access url.
  • An access URL is generated by going to the admin url.
  • Access is granted when the url is used.


You can configure many error and status messages by assigning variables in (for example PROTECTED_SITE_NOT_PUBLIC_MSG = "Not allowed"). Check protectmiddlewareapp/ to see all configurable variables.

Configurable variables default values (override them in


Configurable messages with default values (override them in

  • PROTECTED_SITE_NOT_PUBLIC_MSG='Site is not public. You need special url to get access.'
  • PROTECTED_ACCESS_GRANTED='You have access for {expiry_hours} hours on this session. You have {sessions_left} sessions left for your access url. Click <a href="/">HERE</a> to get to landing page.'
  • PROTECTED_NEW_ACCESSKEY_CREATED='New Access Key created successfully. This url gives access {access_times} times for {access_hours} hours each. Give this url to anyone who you wish to give access to: <div id="createdUrl">{created_url}</div>'
  • PROTECTED_ACCESS_GRANTED_ALREADY='You have already been granted access. Click <a href="/">HERE</a> to get to landing page.'
  • PROTECTED_ACCESS_EXPIRED='Your access time ran out.'
  • PROTECTED_NO_SESSION='Session not detected. Is the SessionMiddleware in the configuration.'