How to Build Custom Middleware in Django 1.6 for Request Filtering

I use Django 1.6.

Django does not provide a built-in urlfilter middleware, but its flexible design lets you create your own.

Before using Django I had never seen such a free‑style way of programming; middleware is defined in MIDDLEWARE_CLASSES in your settings file, and Django already supplies many useful middleware classes such as session, cookie, and CsrfViewMiddleware.

To write your own middleware you need to create a class, override its methods, and register it.

Three steps: create the class

class RqsStatistcsMiddleware(object):
    def process_request(self, request):
        # override method
        pass

Then add the full dotted path of the class to MIDDLEWARE_CLASSES, e.g. management.statisti_user_activity.RqsStatistcsMiddleware. The order of entries matters because middleware is executed in the order listed.

What middleware can do

Middleware lets you run code before the request reaches your view. Typical use cases include:

IP filtering – allow or deny requests based on the client’s IP address.

Access control – check whether a URL requires a password, payment, or other verification.

User behavior tracking – record user actions for later analysis or targeted push notifications.

Abnormal request detection – combine with timers or Redis to count suspicious accesses and take appropriate actions.

Example of IP filtering:

def process_request(self, request):
    if request.META.has_key('HTTP_X_FORWARDED_FOR'):
        if request.META['HTTP_X_FORWARDED_FOR'] != 'desired_ip':
            return HttpResponseForbidden('<h1 style="text-align:center;margin-top:20px;">Sorry, you are not authorized!</h1>')
    else:
        return HttpResponseForbidden('<h1 style="text-align:center;margin-top:20px;">Sorry, you are not authorized!</h1>')

By customizing middleware you can implement any of the scenarios above.

Happy coding and feel free to discuss and learn together.