Django Management Commands

📋 Quick Reference

Command	Purpose	Usage Example
`add_ipexemption`	Exempt IP from blocking	`python manage.py add_ipexemption 192.168.1.100`
`aiwaf_logging`	View and manage logs	`python manage.py aiwaf_logging --recent`
`aiwaf_reset`	Reset/clear AIWAF data	`python manage.py aiwaf_reset --blacklist`
`detect_and_train`	Train AIWAF from logs	`python manage.py detect_and_train /var/log/nginx/access.log`

🛡️ IP Exemption Commands

add_ipexemption

Add an IP address to the exemption list to prevent it from being blocked by any AIWAF middleware.

Syntax

python manage.py add_ipexemption <ip_address> [--reason "reason"]

Arguments

ip_address (required): The IP address to exempt from blocking
--reason (optional): Reason for the exemption (for documentation)

Examples

# Basic exemption
python manage.py add_ipexemption 192.168.1.100

# Exemption with reason
python manage.py add_ipexemption 203.0.113.45 --reason "Office IP address"

# Exemption for monitoring service
python manage.py add_ipexemption 198.51.100.25 --reason "Uptime monitoring service"

# Exemption for CDN
python manage.py add_ipexemption 104.16.0.0 --reason "Cloudflare CDN"

Use Cases:
• Office/Admin IPs: Prevent blocking legitimate admin access
• Monitoring Services: Exempt uptime monitoring and health checks
• CDN/Proxy IPs: Whitelist CDN edge servers
• API Clients: Exempt legitimate API consumers

📊 Logging and Monitoring Commands

aiwaf_logging

View, analyze, and manage AIWAF logs and blocking activity.

Syntax

python manage.py aiwaf_logging [options]

Options

--recent: Show recent blocking activity
--stats: Display blocking statistics
--ip <ip_address>: Show activity for specific IP
--keyword <keyword>: Show blocks related to specific keyword
--export <file>: Export logs to file
--clear: Clear old log entries

Examples

# View recent blocking activity
python manage.py aiwaf_logging --recent

# Show statistics
python manage.py aiwaf_logging --stats

# Check specific IP activity
python manage.py aiwaf_logging --ip 192.168.1.50

# Find keyword-related blocks
python manage.py aiwaf_logging --keyword "admin"

# Export logs to CSV
python manage.py aiwaf_logging --export /tmp/aiwaf_logs.csv

# Clear old logs (older than 30 days)
python manage.py aiwaf_logging --clear

Sample Output

Recent AIWAF Activity (Last 24 hours):
=====================================

🚫 BLOCKED: 203.0.113.25
   Time: 2025-09-01 14:30:25
   Reason: Keyword block: wp-admin
   Path: /wp-admin/admin.php
   User-Agent: curl/7.68.0

🚫 BLOCKED: 198.51.100.15  
   Time: 2025-09-01 14:28:10
   Reason: Header validation failed (score: 2/11)
   Path: /login
   User-Agent: python-requests/2.25.1

📊 Statistics:
   Total blocks today: 47
   Top blocked keywords: wp-admin, config, backup
   Most blocked IPs: 203.0.113.25 (12), 198.51.100.15 (8)

🔄 Data Management Commands

aiwaf_reset

Reset or clear specific types of AIWAF data for maintenance or troubleshooting.

Syntax

python manage.py aiwaf_reset [options]

Options

--blacklist: Clear IP blacklist
--keywords: Clear learned keywords
--exemptions: Clear IP exemptions
--logs: Clear activity logs
--all: Clear all AIWAF data
--confirm: Skip confirmation prompt

Examples

# Clear blacklisted IPs
python manage.py aiwaf_reset --blacklist

# Clear learned keywords
python manage.py aiwaf_reset --keywords

# Clear exemptions (be careful!)
python manage.py aiwaf_reset --exemptions

# Clear activity logs
python manage.py aiwaf_reset --logs

# Reset everything (with confirmation)
python manage.py aiwaf_reset --all

# Reset without confirmation prompt
python manage.py aiwaf_reset --blacklist --confirm

Warning: These operations cannot be undone. Always ensure you have backups before performing resets, especially with --exemptions or --all options.

🤖 Training and Learning Commands

detect_and_train

Train AIWAF by analyzing server access logs to learn attack patterns and legitimate traffic.

Syntax

python manage.py detect_and_train <log_file> [options]

Arguments & Options

log_file (required): Path to server access log file
--disable-ai: Train without AI model (keyword learning only)
--log-format <format>: Specify log format (nginx, apache, custom)
--limit <number>: Process only specified number of log lines
--verbose: Show detailed training progress
--dry-run: Analyze without making changes

Examples

# Basic training from Nginx logs
python manage.py detect_and_train /var/log/nginx/access.log

# Training without AI (keyword learning only)
python manage.py detect_and_train /var/log/nginx/access.log --disable-ai

# Training with verbose output
python manage.py detect_and_train /var/log/apache2/access.log --verbose

# Dry run to see what would be learned
python manage.py detect_and_train /var/log/nginx/access.log --dry-run

# Train on limited log entries
python manage.py detect_and_train /var/log/nginx/access.log --limit 10000

Training Output

🤖 AIWAF Training Started
========================

📂 Log file: /var/log/nginx/access.log
📊 Processing 50,847 log entries...

🔍 Analysis Progress:
   ▓▓▓▓▓▓▓▓▓▓ 100% (50,847/50,847)

📈 Training Results:
   ✅ Learned Keywords: 23 new malicious patterns
      - Top keywords: wp-config, phpmyadmin, backup
   
   ✅ AI Model: Trained on 1,247 attack samples
      - Accuracy: 94.2%
      - False positive rate: 0.8%
   
   ✅ IP Analysis: 15 IPs identified as suspicious
      - Auto-blocked: 12 IPs
      - Review recommended: 3 IPs

⏱️  Training completed in 2.3 seconds

🚀 Usage Workflows

Initial Setup Workflow

# 1. Train AIWAF from existing logs
python manage.py detect_and_train /var/log/nginx/access.log

# 2. Exempt your admin IPs
python manage.py add_ipexemption 192.168.1.100 --reason "Admin office"

# 3. Check training results
python manage.py aiwaf_logging --stats

Daily Monitoring Workflow

# Check recent activity
python manage.py aiwaf_logging --recent

# Export daily report
python manage.py aiwaf_logging --export /reports/aiwaf_$(date +%Y%m%d).csv

# Check for specific threats
python manage.py aiwaf_logging --keyword "exploit"

Maintenance Workflow

# Clear old logs monthly
python manage.py aiwaf_logging --clear

# Retrain periodically
python manage.py detect_and_train /var/log/nginx/access.log

# Reset false positives if needed
python manage.py aiwaf_reset --blacklist

📝 Best Practices

Security Best Practices

Regular Training: Retrain AIWAF weekly with fresh logs
Monitor Exemptions: Regularly review exempted IPs
Backup Data: Export logs before major resets
Test Changes: Use --dry-run before applying changes

Performance Best Practices

Log Rotation: Clear old logs to prevent database bloat
Limit Training: Use --limit for large log files
Scheduled Training: Run training during low-traffic hours
Monitor Resources: Check disk space and memory usage

Operational Best Practices

Document Exemptions: Always use --reason for exemptions
Regular Monitoring: Check logs daily for new threats
False Positive Handling: Have a process for handling legitimate blocks
Version Control: Track configuration changes

🆘 Troubleshooting

Common Issues

"Command not found"

# Solution: Ensure AIWAF is in INSTALLED_APPS
# Check settings.py contains:
INSTALLED_APPS = [
    # ... other apps ...
    'aiwaf',
]

"Permission denied accessing log file"

# Solution: Check file permissions
sudo chmod 644 /var/log/nginx/access.log
# Or run with appropriate permissions
sudo python manage.py detect_and_train /var/log/nginx/access.log

"No log entries processed"

# Solution: Check log format and file content
python manage.py detect_and_train /var/log/nginx/access.log --verbose

"Database locked" errors

# Solution: Ensure Django database is properly configured
python manage.py migrate

Getting Help:
• Command Help: Add --help to any command for detailed usage
• Verbose Mode: Use --verbose for detailed operation logs
• Dry Run: Use --dry-run to test without making changes
• Log Analysis: Check Django logs for detailed error messages