Skip to main content

Rate limiting for flask applications

Project description

travis-ci coveralls pypi license

Flask-Limiter provides rate limiting features to flask routes. It has support for a configurable backend for storage with current implementations for in-memory, redis and memcache.

Quickstart

Add the rate limiter to your flask app. The following example uses the default in memory implementation for storage.

from flask import Flask
from flask_limiter import Limiter

app = Flask(__name__)
limiter = Limiter(app, global_limits=["2 per minute", "1 per second"])

@app.route("/slow")
@limiter.limit("1 per day")
def slow():
    return "24"

@app.route("/fast")
def fast():
    return "42"

@app.route("/ping")
@limiter.exempt
def ping():
    return 'PONG'

app.run()

Test it out. The fast endpoint respects the global rate limit while the slow endpoint uses the decorated one. ping has no rate limit associated with it.

$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>2 per 1 minute</p>
$ curl localhost:5000/slow
24
$ curl localhost:5000/slow
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>1 per 1 day</p>
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG

Read the docs

Changelog

0.6.3 2014-08-26

  • Header name overrides

0.6.2 2014-07-13

0.6.1 2014-07-11

  • per http method rate limit separation (Recipe)

  • documentation improvements

0.6 2014-06-24

0.5 2014-06-13

0.4.4 2014-06-13

  • Bug fix

    • Werkzeug < 0.9 Compatibility (Issue 6.)

0.4.3 2014-06-12

  • Hotfix : use HTTPException instead of abort to play well with other extensions.

0.4.2 2014-06-12

  • Allow configuration overrides via extension constructor

0.4.1 2014-06-04

  • Improved implementation of moving-window X-RateLimit-Reset value.

0.4 2014-05-28

0.3.2 2014-05-26

  • Bug fix

    • Memory leak when using Limiter.storage.MemoryStorage (Issue 4.)

  • Improved test coverage

0.3.1 2014-02-20

  • Strict version requirement on six

  • documentation tweaks

0.3.0 2014-02-19

  • improved logging support for multiple handlers

  • allow callables to be passed to Limiter.limit decorator to dynamically load rate limit strings.

  • add a global kill switch in flask config for all rate limits.

  • Bug fixes

    • default key function for rate limit domain wasn’t accounting for X-Forwarded-For header.

0.2.2 2014-02-18

  • add new decorator to exempt routes from limiting.

  • Bug fixes

    • versioneer.py wasn’t included in manifest.

    • configuration string for strategy was out of sync with docs.

0.2.1 2014-02-15

  • python 2.6 support via counter backport

  • source docs.

0.2 2014-02-15

  • Implemented configurable strategies for rate limiting.

  • Bug fixes

    • better locking for in-memory storage

    • multi threading support for memcached storage

0.1.1 2014-02-14

  • Bug fixes

    • fix initializing the extension without an app

    • don’t rate limit static files

0.1.0 2014-02-13

  • first release.

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Flask-Limiter-0.6.3.tar.gz (85.4 kB view hashes)

Uploaded Source

Built Distribution

Flask_Limiter-0.6.3-py2.7.egg (59.8 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page