Flask-Limiter 0.9.5.1

Flask-Limiter provides rate limiting features to flask routes. It has support for a configurable backend for storage with current implementations for in-memory, redis and memcache.

Quickstart

Add the rate limiter to your flask app. The following example uses the default in memory implementation for storage.

from flask import Flask
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address

app = Flask(__name__)
limiter = Limiter(
    app,
    key_func=get_remote_address,
    default_limits=["2 per minute", "1 per second"],
)

@app.route("/slow")
@limiter.limit("1 per day")
def slow():
    return "24"

@app.route("/fast")
def fast():
    return "42"

@app.route("/ping")
@limiter.exempt
def ping():
    return 'PONG'

app.run()

Test it out. The fast endpoint respects the default rate limit while the slow endpoint uses the decorated one. ping has no rate limit associated with it.

$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>2 per 1 minute</p>
$ curl localhost:5000/slow
24
$ curl localhost:5000/slow
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>1 per 1 day</p>
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG

Read the docs

Changelog

0.9.5.1 2017-08-18

• Upgrade versioneer

0.9.5 2017-07-26

• Add support for key prefixes

0.9.4 2017-05-01

• Implemented application wide shared limits

0.9.3 2016-03-14

• Allow reset of limiter storage if available

0.9.2 2016-03-04

• Deprecation warning for default key_func get_ipaddr
• Support for Retry-After header

0.9.1 2015-11-21

• Re-expose enabled property on Limiter instance.

0.9 2015-11-13

• In-memory fallback option for unresponsive storage
• Rate limit exemption option per limit

0.8.5 2015-10-05

• Bug fix for reported issues of missing (limits) dependency upon installation.

0.8.4 2015-10-03

• Documentation tweaks.

0.8.2 2015-09-17

• Remove outdated files from egg

0.8.1 2015-08-06

• Fixed compatibility with latest version of Flask-Restful

0.8 2015-06-07

• No functional change

0.7.9 2015-04-02

• Bug fix for case sensitive methods whitelist for limits decorator

0.7.8 2015-03-20

• Hotfix for dynamic limits with blueprints
• Undocumented feature to pass storage options to underlying storage backend.

0.7.6 2015-03-02

• methods keyword argument for limits decorator to specify specific http methods to apply the rate limit to.

0.7.5 2015-02-16

• Custom error messages.

0.7.4 2015-02-03

• Use Werkzeug TooManyRequests as the exception raised when available.

0.7.3 2015-01-30

• Bug Fix

  • Fix for version comparison when monkey patching Werkzeug

    (Issue 24)

0.7.1 2015-01-09

• Refactor core storage & ratelimiting strategy out into the limits package.
• Remove duplicate hits when stacked rate limits are in use and a rate limit is hit.

0.7 2015-01-09

• Refactoring of RedisStorage for extensibility (Issue 18)
• Bug fix: Correct default setting for enabling rate limit headers. (Issue 22)

0.6.6 2014-10-21

• Bug fix
  • Fix for responses slower than rate limiting window. (Issue 17.)

0.6.5 2014-10-01

• Bug fix: in memory storage thread safety

0.6.4 2014-08-31

• Support for manually triggering rate limit check

0.6.3 2014-08-26

• Header name overrides

0.6.2 2014-07-13

• Rate limiting for blueprints

0.6.1 2014-07-11

• per http method rate limit separation (Recipe)
• documentation improvements

0.6 2014-06-24

• Shared limits between routes

0.5 2014-06-13

• Request Filters

0.4.4 2014-06-13

• Bug fix
  • Werkzeug < 0.9 Compatibility (Issue 6.)

0.4.3 2014-06-12

• Hotfix : use HTTPException instead of abort to play well with other extensions.

0.4.2 2014-06-12

• Allow configuration overrides via extension constructor

0.4.1 2014-06-04

• Improved implementation of moving-window X-RateLimit-Reset value.

0.4 2014-05-28

• Rate limiting headers

0.3.2 2014-05-26

• Bug fix
  • Memory leak when using Limiter.storage.MemoryStorage (Issue 4.)
• Improved test coverage

0.3.1 2014-02-20

• Strict version requirement on six
• documentation tweaks

0.3.0 2014-02-19

• improved logging support for multiple handlers
• allow callables to be passed to Limiter.limit decorator to dynamically load rate limit strings.
• add a global kill switch in flask config for all rate limits.
• Bug fixes
  • default key function for rate limit domain wasn’t accounting for X-Forwarded-For header.

0.2.2 2014-02-18

• add new decorator to exempt routes from limiting.
• Bug fixes
  • versioneer.py wasn’t included in manifest.
  • configuration string for strategy was out of sync with docs.

0.2.1 2014-02-15

• python 2.6 support via counter backport
• source docs.

0.2 2014-02-15

• Implemented configurable strategies for rate limiting.
• Bug fixes
  • better locking for in-memory storage
  • multi threading support for memcached storage

0.1.1 2014-02-14

• Bug fixes
  • fix initializing the extension without an app
  • don’t rate limit static files

0.1.0 2014-02-13

• first release.