Skip to main content

Rate limiting for flask applications

Project description

docs ci codecov pypi license

Flask-Limiter provides rate limiting features to flask routes. It has support for a configurable backend for storage with current implementations for in-memory, redis and memcache.

Quickstart

Add the rate limiter to your flask app. The following example uses the default in memory implementation for storage.

from flask import Flask
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address

app = Flask(__name__)
limiter = Limiter(
    app,
    key_func=get_remote_address,
    default_limits=["2 per minute", "1 per second"],
)

@app.route("/slow")
@limiter.limit("1 per day")
def slow():
    return "24"

@app.route("/fast")
def fast():
    return "42"

@app.route("/ping")
@limiter.exempt
def ping():
    return 'PONG'

app.run()

Test it out. The fast endpoint respects the default rate limit while the slow endpoint uses the decorated one. ping has no rate limit associated with it.

$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>2 per 1 minute</p>
$ curl localhost:5000/slow
24
$ curl localhost:5000/slow
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>1 per 1 day</p>
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG

Read the docs

Changelog

v1.4

Release Date: 2020-08-25

  • Bug Fix
    • Always set headers for conditional limits
    • Skip init_app sequence when the rate limiter is disabled

v1.3.1

Release Date: 2020-05-21

  • Bug Fix
    • Ensure headers provided explictely by setting _header_mapping take precedence over configuration values.

v1.3

Release Date: 2020-05-20

  • Features
    • Add new deduct_when argument that accepts a function to decorated limits to conditionally perform depletion of a rate limit (Pull Request 248)
    • Add new default_limits_deduct_when argument to Limiter constructor to conditionally perform depletion of default rate limits
    • Add default_limits_exempt_when argument that accepts a function to allow skipping the default limits in the before_request phase
  • Bug Fix
    • Fix handling of storage failures during after_request phase.
  • Code Quality
    • Use github-actions instead of travis for CI
    • Use pytest instaad of nosetests
    • Add docker configuration for test dependencies
    • Increase code coverage to 100%
    • Ensure pyflake8 compliance

v1.2.1

Release Date: 2020-02-26

  • Bug fix
    • Syntax error in version 1.2.0 when application limits are provided through configuration file (Issue 241)

v1.2.0

Release Date: 2020-02-25

  • Add override_defaults argument to decorated limits to allow combinined defaults with decorated limits.
  • Add configuration parameter RATELIMIT_DEFAULTS_PER_METHOD to control whether defaults are applied per method.
  • Add support for in memory fallback without override (Pull Request 236)
  • Bug fix
    • Ensure defaults are enforced when decorated limits are skipped (Issue 238)

v1.1.0

Release Date: 2019-10-02

v1.0.1

Release Date: 2017-12-08

  • Bug fix
    • Duplicate rate limits applied via application limits (Issue 108)

v1.0.0

Release Date: 2017-11-06

  • Improved documentation for handling ip addresses for applications behind proxiues (Issue 41)
  • Execute rate limits for decorated routes in decorator instead of before_request (Issue 67)
  • Bug Fix
    • Python 3.5 Errors (Issue 82)
    • RATELIMIT_KEY_PREFIX configuration constant not used (Issue 88)
    • Can’t use dynamic limit in default_limits (Issue 94)
    • Retry-After header always zero when using key prefix (Issue 99)

v0.9.5.1

Release Date: 2017-08-18

  • Upgrade versioneer

v0.9.5

Release Date: 2017-07-26

  • Add support for key prefixes

v0.9.4

Release Date: 2017-05-01

  • Implemented application wide shared limits

v0.9.3

Release Date: 2016-03-14

  • Allow reset of limiter storage if available

v0.9.2

Release Date: 2016-03-04

  • Deprecation warning for default key_func get_ipaddr
  • Support for Retry-After header

v0.9.1

Release Date: 2015-11-21

  • Re-expose enabled property on Limiter instance.

v0.9

Release Date: 2015-11-13

  • In-memory fallback option for unresponsive storage
  • Rate limit exemption option per limit

v0.8.5

Release Date: 2015-10-05

  • Bug fix for reported issues of missing (limits) dependency upon installation.

v0.8.4

Release Date: 2015-10-03

  • Documentation tweaks.

v0.8.2

Release Date: 2015-09-17

  • Remove outdated files from egg

v0.8.1

Release Date: 2015-08-06

  • Fixed compatibility with latest version of Flask-Restful

v0.8

Release Date: 2015-06-07

  • No functional change

v0.7.9

Release Date: 2015-04-02

  • Bug fix for case sensitive methods whitelist for limits decorator

v0.7.8

Release Date: 2015-03-20

  • Hotfix for dynamic limits with blueprints
  • Undocumented feature to pass storage options to underlying storage backend.

v0.7.6

Release Date: 2015-03-02

  • methods keyword argument for limits decorator to specify specific http methods to apply the rate limit to.

v0.7.5

Release Date: 2015-02-16

v0.7.4

Release Date: 2015-02-03

  • Use Werkzeug TooManyRequests as the exception raised when available.

v0.7.3

Release Date: 2015-01-30

  • Bug Fix
    • Fix for version comparison when monkey patching Werkzeug
      (Issue 24)

v0.7.1

Release Date: 2015-01-09

  • Refactor core storage & ratelimiting strategy out into the limits package.
  • Remove duplicate hits when stacked rate limits are in use and a rate limit is hit.

v0.7

Release Date: 2015-01-09

  • Refactoring of RedisStorage for extensibility (Issue 18)
  • Bug fix: Correct default setting for enabling rate limit headers. (Issue 22)

v0.6.6

Release Date: 2014-10-21

  • Bug fix
    • Fix for responses slower than rate limiting window. (Issue 17.)

v0.6.5

Release Date: 2014-10-01

  • Bug fix: in memory storage thread safety

v0.6.4

Release Date: 2014-08-31

  • Support for manually triggering rate limit check

v0.6.3

Release Date: 2014-08-26

  • Header name overrides

v0.6.2

Release Date: 2014-07-13

v0.6.1

Release Date: 2014-07-11

  • per http method rate limit separation (Recipe)
  • documentation improvements

v0.6

Release Date: 2014-06-24

v0.5

Release Date: 2014-06-13

v0.4.4

Release Date: 2014-06-13

  • Bug fix
    • Werkzeug < 0.9 Compatibility (Issue 6.)

v0.4.3

Release Date: 2014-06-12

  • Hotfix : use HTTPException instead of abort to play well with other extensions.

v0.4.2

Release Date: 2014-06-12

  • Allow configuration overrides via extension constructor

v0.4.1

Release Date: 2014-06-04

  • Improved implementation of moving-window X-RateLimit-Reset value.

v0.4

Release Date: 2014-05-28

v0.3.2

Release Date: 2014-05-26

  • Bug fix
    • Memory leak when using Limiter.storage.MemoryStorage (Issue 4.)
  • Improved test coverage

v0.3.1

Release Date: 2014-02-20

  • Strict version requirement on six
  • documentation tweaks

v0.3.0

Release Date: 2014-02-19

  • improved logging support for multiple handlers
  • allow callables to be passed to Limiter.limit decorator to dynamically load rate limit strings.
  • add a global kill switch in flask config for all rate limits.
  • Bug fixes
    • default key function for rate limit domain wasn’t accounting for X-Forwarded-For header.

v0.2.2

Release Date: 2014-02-18

  • add new decorator to exempt routes from limiting.
  • Bug fixes
    • versioneer.py wasn’t included in manifest.
    • configuration string for strategy was out of sync with docs.

v0.2.1

Release Date: 2014-02-15

  • python 2.6 support via counter backport
  • source docs.

v0.2

Release Date: 2014-02-15

  • Implemented configurable strategies for rate limiting.
  • Bug fixes
    • better locking for in-memory storage
    • multi threading support for memcached storage

v0.1.1

Release Date: 2014-02-14

  • Bug fixes
    • fix initializing the extension without an app
    • don’t rate limit static files

v0.1.0

Release Date: 2014-02-13

  • first release.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for Flask-Limiter, version 1.4
Filename, size File type Python version Upload date Hashes
Filename, size Flask_Limiter-1.4-py3.7.egg (27.9 kB) File type Egg Python version 3.7 Upload date Hashes View
Filename, size Flask_Limiter-1.4-py3-none-any.whl (15.5 kB) File type Wheel Python version py3 Upload date Hashes View
Filename, size Flask-Limiter-1.4.tar.gz (95.6 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page