Rate limiting for flask applications
Project description
Flask-Limiter provides rate limiting features to flask routes. It has support for a configurable backend for storage with current implementations for in-memory, redis and memcache.
Quickstart
Add the rate limiter to your flask app. The following example uses the default in memory implementation for storage.
from flask import Flask
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
app = Flask(__name__)
limiter = Limiter(
app,
key_func=get_remote_address,
default_limits=["2 per minute", "1 per second"],
)
@app.route("/slow")
@limiter.limit("1 per day")
def slow():
return "24"
@app.route("/fast")
def fast():
return "42"
@app.route("/ping")
@limiter.exempt
def ping():
return 'PONG'
app.run()
Test it out. The fast endpoint respects the default rate limit while the slow endpoint uses the decorated one. ping has no rate limit associated with it.
$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>2 per 1 minute</p>
$ curl localhost:5000/slow
24
$ curl localhost:5000/slow
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>1 per 1 day</p>
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
Changelog
1.1.0 2019-10-02
Provide Rate limit information with Exception (Pull Request 202)
Respect existing Retry-After header values (Pull Request 143)
Documentation improvements
1.0.1 2017-12-08
Bug fix
Duplicate rate limits applied via application limits (Issue 108)
1.0.0 2017-11-06
0.9.5.1 2017-08-18
Upgrade versioneer
0.9.5 2017-07-26
Add support for key prefixes
0.9.4 2017-05-01
Implemented application wide shared limits
0.9.3 2016-03-14
Allow reset of limiter storage if available
0.9.2 2016-03-04
Deprecation warning for default key_func get_ipaddr
Support for Retry-After header
0.9.1 2015-11-21
Re-expose enabled property on Limiter instance.
0.9 2015-11-13
In-memory fallback option for unresponsive storage
Rate limit exemption option per limit
0.8.5 2015-10-05
Bug fix for reported issues of missing (limits) dependency upon installation.
0.8.4 2015-10-03
Documentation tweaks.
0.8.2 2015-09-17
Remove outdated files from egg
0.8.1 2015-08-06
Fixed compatibility with latest version of Flask-Restful
0.8 2015-06-07
No functional change
0.7.9 2015-04-02
Bug fix for case sensitive methods whitelist for limits decorator
0.7.8 2015-03-20
Hotfix for dynamic limits with blueprints
Undocumented feature to pass storage options to underlying storage backend.
0.7.6 2015-03-02
methods keyword argument for limits decorator to specify specific http methods to apply the rate limit to.
0.7.5 2015-02-16
0.7.4 2015-02-03
Use Werkzeug TooManyRequests as the exception raised when available.
0.7.3 2015-01-30
Bug Fix
- Fix for version comparison when monkey patching Werkzeug
(Issue 24)
0.7.1 2015-01-09
Refactor core storage & ratelimiting strategy out into the limits package.
Remove duplicate hits when stacked rate limits are in use and a rate limit is hit.
0.7 2015-01-09
0.6.6 2014-10-21
Bug fix
Fix for responses slower than rate limiting window. (Issue 17.)
0.6.5 2014-10-01
Bug fix: in memory storage thread safety
0.6.4 2014-08-31
Support for manually triggering rate limit check
0.6.3 2014-08-26
Header name overrides
0.6.2 2014-07-13
0.6.1 2014-07-11
per http method rate limit separation (Recipe)
documentation improvements
0.6 2014-06-24
0.5 2014-06-13
0.4.4 2014-06-13
Bug fix
Werkzeug < 0.9 Compatibility (Issue 6.)
0.4.3 2014-06-12
Hotfix : use HTTPException instead of abort to play well with other extensions.
0.4.2 2014-06-12
Allow configuration overrides via extension constructor
0.4.1 2014-06-04
Improved implementation of moving-window X-RateLimit-Reset value.
0.4 2014-05-28
0.3.2 2014-05-26
Bug fix
Memory leak when using Limiter.storage.MemoryStorage (Issue 4.)
Improved test coverage
0.3.1 2014-02-20
Strict version requirement on six
documentation tweaks
0.3.0 2014-02-19
improved logging support for multiple handlers
allow callables to be passed to Limiter.limit decorator to dynamically load rate limit strings.
add a global kill switch in flask config for all rate limits.
Bug fixes
default key function for rate limit domain wasn’t accounting for X-Forwarded-For header.
0.2.2 2014-02-18
add new decorator to exempt routes from limiting.
Bug fixes
versioneer.py wasn’t included in manifest.
configuration string for strategy was out of sync with docs.
0.2.1 2014-02-15
python 2.6 support via counter backport
source docs.
0.2 2014-02-15
Implemented configurable strategies for rate limiting.
Bug fixes
better locking for in-memory storage
multi threading support for memcached storage
0.1.1 2014-02-14
Bug fixes
fix initializing the extension without an app
don’t rate limit static files
0.1.0 2014-02-13
first release.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for Flask_Limiter-1.1.0-py2-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9087984ae7eeb862f93bf5b18477a5e5b1e0c907647ae74fba1c7e3f1de63d6f |
|
MD5 | cba11edf61a190167e225aafeacedb33 |
|
BLAKE2b-256 | 72f368596cb061e1c7d5a7dfb3694de3f8845b908ea16296e762136f34727a65 |