Skip to main content

Rate limiting for flask applications

Project description

travis-ci coveralls landscape pypi Join the chat at https://gitter.im/alisaifee/flask-limiter license

Flask-Limiter provides rate limiting features to flask routes. It has support for a configurable backend for storage with current implementations for in-memory, redis and memcache.

Quickstart

Add the rate limiter to your flask app. The following example uses the default in memory implementation for storage.

from flask import Flask
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address

app = Flask(__name__)
limiter = Limiter(
    app,
    key_func=get_remote_address,
    default_limits=["2 per minute", "1 per second"],
)

@app.route("/slow")
@limiter.limit("1 per day")
def slow():
    return "24"

@app.route("/fast")
def fast():
    return "42"

@app.route("/ping")
@limiter.exempt
def ping():
    return 'PONG'

app.run()

Test it out. The fast endpoint respects the default rate limit while the slow endpoint uses the decorated one. ping has no rate limit associated with it.

$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>2 per 1 minute</p>
$ curl localhost:5000/slow
24
$ curl localhost:5000/slow
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>1 per 1 day</p>
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG

Read the docs

Changelog

1.0.1 2017-12-08

  • Bug fix
    • Duplicate rate limits applied via application limits (Issue 108)

1.0.0 2017-11-06

  • Improved documentation for handling ip addresses for applications behind proxiues (Issue 41)
  • Execute rate limits for decorated routes in decorator instead of before_request (Issue 67)
  • Bug Fix
    • Python 3.5 Errors (Issue 82)
    • RATELIMIT_KEY_PREFIX configuration constant not used (Issue 88)
    • Can’t use dynamic limit in default_limits (Issue 94)
    • Retry-After header always zero when using key prefix (Issue 99)

0.9.5.1 2017-08-18

  • Upgrade versioneer

0.9.5 2017-07-26

  • Add support for key prefixes

0.9.4 2017-05-01

  • Implemented application wide shared limits

0.9.3 2016-03-14

  • Allow reset of limiter storage if available

0.9.2 2016-03-04

  • Deprecation warning for default key_func get_ipaddr
  • Support for Retry-After header

0.9.1 2015-11-21

  • Re-expose enabled property on Limiter instance.

0.9 2015-11-13

  • In-memory fallback option for unresponsive storage
  • Rate limit exemption option per limit

0.8.5 2015-10-05

  • Bug fix for reported issues of missing (limits) dependency upon installation.

0.8.4 2015-10-03

  • Documentation tweaks.

0.8.2 2015-09-17

  • Remove outdated files from egg

0.8.1 2015-08-06

  • Fixed compatibility with latest version of Flask-Restful

0.8 2015-06-07

  • No functional change

0.7.9 2015-04-02

  • Bug fix for case sensitive methods whitelist for limits decorator

0.7.8 2015-03-20

  • Hotfix for dynamic limits with blueprints
  • Undocumented feature to pass storage options to underlying storage backend.

0.7.6 2015-03-02

  • methods keyword argument for limits decorator to specify specific http methods to apply the rate limit to.

0.7.5 2015-02-16

0.7.4 2015-02-03

  • Use Werkzeug TooManyRequests as the exception raised when available.

0.7.3 2015-01-30

  • Bug Fix
    • Fix for version comparison when monkey patching Werkzeug
      (Issue 24)

0.7.1 2015-01-09

  • Refactor core storage & ratelimiting strategy out into the limits package.
  • Remove duplicate hits when stacked rate limits are in use and a rate limit is hit.

0.7 2015-01-09

  • Refactoring of RedisStorage for extensibility (Issue 18)
  • Bug fix: Correct default setting for enabling rate limit headers. (Issue 22)

0.6.6 2014-10-21

  • Bug fix
    • Fix for responses slower than rate limiting window. (Issue 17.)

0.6.5 2014-10-01

  • Bug fix: in memory storage thread safety

0.6.4 2014-08-31

  • Support for manually triggering rate limit check

0.6.3 2014-08-26

  • Header name overrides

0.6.2 2014-07-13

0.6.1 2014-07-11

  • per http method rate limit separation (Recipe)
  • documentation improvements

0.5 2014-06-13

0.4.4 2014-06-13

  • Bug fix
    • Werkzeug < 0.9 Compatibility (Issue 6.)

0.4.3 2014-06-12

  • Hotfix : use HTTPException instead of abort to play well with other extensions.

0.4.2 2014-06-12

  • Allow configuration overrides via extension constructor

0.4.1 2014-06-04

  • Improved implementation of moving-window X-RateLimit-Reset value.

0.4 2014-05-28

0.3.2 2014-05-26

  • Bug fix
    • Memory leak when using Limiter.storage.MemoryStorage (Issue 4.)
  • Improved test coverage

0.3.1 2014-02-20

  • Strict version requirement on six
  • documentation tweaks

0.3.0 2014-02-19

  • improved logging support for multiple handlers
  • allow callables to be passed to Limiter.limit decorator to dynamically load rate limit strings.
  • add a global kill switch in flask config for all rate limits.
  • Bug fixes
    • default key function for rate limit domain wasn’t accounting for X-Forwarded-For header.

0.2.2 2014-02-18

  • add new decorator to exempt routes from limiting.
  • Bug fixes
    • versioneer.py wasn’t included in manifest.
    • configuration string for strategy was out of sync with docs.

0.2.1 2014-02-15

  • python 2.6 support via counter backport
  • source docs.

0.2 2014-02-15

  • Implemented configurable strategies for rate limiting.
  • Bug fixes
    • better locking for in-memory storage
    • multi threading support for memcached storage

0.1.1 2014-02-14

  • Bug fixes
    • fix initializing the extension without an app
    • don’t rate limit static files

0.1.0 2014-02-13

  • first release.

Project details


Release history Release notifications

This version
History Node

1.0.1

History Node

1.0.0

History Node

1.0.0rc1

History Node

0.9.5.1

History Node

0.9.5

History Node

0.9.4

History Node

0.9.3

History Node

0.9.2

History Node

0.9.1

History Node

0.9

History Node

0.8.5

History Node

0.8.4

History Node

0.8.3

History Node

0.8.2

History Node

0.8.1

History Node

0.8

History Node

0.7.9

History Node

0.7.8

History Node

0.7.7

History Node

0.7.6

History Node

0.7.5

History Node

0.7.4

History Node

0.7.3

History Node

0.7.2

History Node

0.7.1

History Node

0.7

History Node

0.6.6

History Node

0.6.5

History Node

0.6.4

History Node

0.6.3

History Node

0.6.2

History Node

0.6.1

History Node

0.6

History Node

0.5

History Node

0.4.4

History Node

0.4.3

History Node

0.4.2

History Node

0.4.1

History Node

0.4

History Node

0.3.2

History Node

0.3.1

History Node

0.3.0

History Node

0.2.2

History Node

0.2.1

History Node

0.2

History Node

0.1.1

History Node

0.1.0

History Node

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
Flask_Limiter-1.0.1-py2.7.egg (24.0 kB) Copy SHA256 hash SHA256 Egg 2.7 Dec 7, 2017
Flask-Limiter-1.0.1.tar.gz (89.4 kB) Copy SHA256 hash SHA256 Source None Dec 7, 2017

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page