Rate limiting for flask applications
Project description
Flask-Limiter provides rate limiting features to flask routes. It has support for a configurable backend for storage with current implementations for in-memory, redis and memcache.
Quickstart
Add the rate limiter to your flask app. The following example uses the default in memory implementation for storage.
from flask import Flask
from flask_limiter import Limiter
app = Flask(__name__)
limiter = Limiter(app, global_limits=["2 per minute", "1 per second"])
@app.route("/slow")
@limiter.limit("1 per day")
def slow():
return "24"
@app.route("/fast")
def fast():
return "42"
@app.route("/ping")
@limiter.exempt
def ping():
return 'PONG'
app.run()
Test it out. The fast endpoint respects the global rate limit while the slow endpoint uses the decorated one. ping has no rate limit associated with it.
$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>2 per 1 minute</p>
$ curl localhost:5000/slow
24
$ curl localhost:5000/slow
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>1 per 1 day</p>
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
Changelog
0.7 2015-01-09
0.6.6 2014-10-21
Bug fix
Fix for responses slower than rate limiting window. (Issue 17.)
0.6.5 2014-10-01
Bug fix: in memory storage thread safety
0.6.4 2014-08-31
Support for manually triggering rate limit check
0.6.3 2014-08-26
Header name overrides
0.6.2 2014-07-13
0.6.1 2014-07-11
per http method rate limit separation (Recipe)
documentation improvements
0.6 2014-06-24
0.5 2014-06-13
0.4.4 2014-06-13
Bug fix
Werkzeug < 0.9 Compatibility (Issue 6.)
0.4.3 2014-06-12
Hotfix : use HTTPException instead of abort to play well with other extensions.
0.4.2 2014-06-12
Allow configuration overrides via extension constructor
0.4.1 2014-06-04
Improved implementation of moving-window X-RateLimit-Reset value.
0.4 2014-05-28
0.3.2 2014-05-26
Bug fix
Memory leak when using Limiter.storage.MemoryStorage (Issue 4.)
Improved test coverage
0.3.1 2014-02-20
Strict version requirement on six
documentation tweaks
0.3.0 2014-02-19
improved logging support for multiple handlers
allow callables to be passed to Limiter.limit decorator to dynamically load rate limit strings.
add a global kill switch in flask config for all rate limits.
Bug fixes
default key function for rate limit domain wasn’t accounting for X-Forwarded-For header.
0.2.2 2014-02-18
add new decorator to exempt routes from limiting.
Bug fixes
versioneer.py wasn’t included in manifest.
configuration string for strategy was out of sync with docs.
0.2.1 2014-02-15
python 2.6 support via counter backport
source docs.
0.2 2014-02-15
Implemented configurable strategies for rate limiting.
Bug fixes
better locking for in-memory storage
multi threading support for memcached storage
0.1.1 2014-02-14
Bug fixes
fix initializing the extension without an app
don’t rate limit static files
0.1.0 2014-02-13
first release.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.