Metadata-Version: 2.0
Name: shadowd
Version: 3.0.1
Summary: Python connector for the Shadow Daemon web application firewall
Home-page: http://github.com/zecure/shadowd_python
Author: Hendrik Buchwald
Author-email: hb@zecure.org
License: GPLv2
Keywords: waf security shadowd
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: System Administrators
Classifier: Environment :: Web Environment
Classifier: License :: OSI Approved :: GNU General Public License v2 (GPLv2)
Classifier: Programming Language :: Python :: 2
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: System :: Networking :: Firewalls

.. image:: http://shadowd.zecure.org/img/logo_small.png
.. image:: https://travis-ci.org/zecure/shadowd_python.svg
    :target: https://travis-ci.org/zecure/shadowd_python
.. image:: https://sonarcloud.io/api/project_badges/measure?project=zecure_shadowd_python&metric=alert_status
    :target: https://sonarcloud.io/dashboard?id=zecure_shadowd_python

**Shadow Daemon** is a collection of tools to **detect**, **record** and **prevent** **attacks** on *web applications*.
Technically speaking, Shadow Daemon is a **web application firewall** that intercepts requests and filters out malicious parameters.
It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability.

This component can be used to connect Python applications with the `background server <https://github.com/zecure/shadowd>`_.

Documentation
=============
For the full documentation please refer to `shadowd.zecure.org <https://shadowd.zecure.org/>`_.

Installation
============
You can install the package with easy_install or pip:

::

   easy_install shadowd
   pip install shadowd

It is also possible to clone this repository and install the package manually:

::

    python setup.py install

You also have to create a configuration file. You can copy *misc/examples/connectors.ini* to */etc/shadowd/connectors.ini*.
The example configuration is annotated and should be self-explanatory.

CGI
---
To protect CGI applications you simply have to load the module:

::

    import shadowd.cgi_connector

Django
------
Django applications require a small modification. It is necessary to create a hook to intercept requests.
To do this create the file *middleware/shadowdconnector.py* in the application directory:

::

    from shadowd.django_connector import InputDjango, OutputDjango, Connector

    class ShadowdConnectorMiddleware(object):
        def process_request(self, request):
            input = InputDjango(request)
            output = OutputDjango()

            status = Connector().start(input, output)
            if not status == True:
                return status

There also has to be an empty *__init__.py* file in the middleware directory.
Next you have to register the middleware in the *settings.py* file of your application:

::

    MIDDLEWARE_CLASSES = (
        'middleware.shadowdconnector.ShadowdConnectorMiddleware',
        # ...
    )

The connector should be at the beginning of the *MIDDLEWARE_CLASSES* list.

Flask
------
Flask applications require a small modification as well. It is necessary to create a hook to intercept requests:

::

    from shadowd.flask_connector import InputFlask, OutputFlask, Connector

    @app.before_request
    def before_req():
        input = InputFlask(request)
        output = OutputFlask()

        Connector().start(input, output)




