On 25/12/2022 20.52, tristant wrote:
> Is there a mechanism in Django where we can identify the location of
> login? Any reading sources regarding this functionality would be much
> appreciated.
>
What you're looking for is something called geoip. To the best of my
knowledge there's no such thing build into Django (wouldn't really make
much sense anyway) but it should be trivial to query some geoip database
from your code and get a somewhat reliable idea on where that IP is
coming from.
There's no way that can be accurate but it might be useful for something
like detecting a locale (that the user can then change) or similar.
> Along the same line, is there a way to prevent a login attempt if the
> location is within certain blacklisted IP subnets?
>
It is trivial to spoof a source IP address once you reach the Django
application part of the communication. That's more of a feature than a
bug actually because of things like proxies etc.
If you want to blacklist IPs you have to do that on a lower level. For a
single server running Linux something like netfilter/iptables might be
used but I'm sure there are some more convenient scripts/services etc.
that might be used. The main point is that you cannot do this from your
Django code.
Hope that helps you in the right direction.
Kind regards,
Kasper Laudrup