Rate limiting for flask applications
Project description
Flask-Limiter provides rate limiting features to flask routes. It has support for a configurable backend for storage with current implementations for in-memory, redis and memcache.
Quickstart
Add the rate limiter to your flask app. The following example uses the default in memory implementation for storage.
from flask import Flask
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
app = Flask(__name__)
limiter = Limiter(
app,
key_func=get_remote_address,
default_limits=["2 per minute", "1 per second"],
)
@app.route("/slow")
@limiter.limit("1 per day")
def slow():
return "24"
@app.route("/fast")
def fast():
return "42"
@app.route("/ping")
@limiter.exempt
def ping():
return 'PONG'
app.run()
Test it out. The fast endpoint respects the default rate limit while the slow endpoint uses the decorated one. ping has no rate limit associated with it.
$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>2 per 1 minute</p>
$ curl localhost:5000/slow
24
$ curl localhost:5000/slow
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>1 per 1 day</p>
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
Changelog
1.2.0 2020-02-25
Add override_defaults argument to decorated limits to allow combinined defaults with decorated limits.
Add configuration parameter RATELIMIT_DEFAULTS_PER_METHOD to control whether defaults are applied per method.
Add support for in memory fallback without override (Pull Request 236)
Bug fix
Ensure defaults are enforced when decorated limits are skipped (Issue 238)
1.1.0 2019-10-02
Provide Rate limit information with Exception (Pull Request 202)
Respect existing Retry-After header values (Pull Request 143)
Documentation improvements
1.0.1 2017-12-08
Bug fix
Duplicate rate limits applied via application limits (Issue 108)
1.0.0 2017-11-06
0.9.5.1 2017-08-18
Upgrade versioneer
0.9.5 2017-07-26
Add support for key prefixes
0.9.4 2017-05-01
Implemented application wide shared limits
0.9.3 2016-03-14
Allow reset of limiter storage if available
0.9.2 2016-03-04
Deprecation warning for default key_func get_ipaddr
Support for Retry-After header
0.9.1 2015-11-21
Re-expose enabled property on Limiter instance.
0.9 2015-11-13
In-memory fallback option for unresponsive storage
Rate limit exemption option per limit
0.8.5 2015-10-05
Bug fix for reported issues of missing (limits) dependency upon installation.
0.8.4 2015-10-03
Documentation tweaks.
0.8.2 2015-09-17
Remove outdated files from egg
0.8.1 2015-08-06
Fixed compatibility with latest version of Flask-Restful
0.8 2015-06-07
No functional change
0.7.9 2015-04-02
Bug fix for case sensitive methods whitelist for limits decorator
0.7.8 2015-03-20
Hotfix for dynamic limits with blueprints
Undocumented feature to pass storage options to underlying storage backend.
0.7.6 2015-03-02
methods keyword argument for limits decorator to specify specific http methods to apply the rate limit to.
0.7.5 2015-02-16
0.7.4 2015-02-03
Use Werkzeug TooManyRequests as the exception raised when available.
0.7.3 2015-01-30
Bug Fix
- Fix for version comparison when monkey patching Werkzeug
(Issue 24)
0.7.1 2015-01-09
Refactor core storage & ratelimiting strategy out into the limits package.
Remove duplicate hits when stacked rate limits are in use and a rate limit is hit.
0.7 2015-01-09
0.6.6 2014-10-21
Bug fix
Fix for responses slower than rate limiting window. (Issue 17.)
0.6.5 2014-10-01
Bug fix: in memory storage thread safety
0.6.4 2014-08-31
Support for manually triggering rate limit check
0.6.3 2014-08-26
Header name overrides
0.6.2 2014-07-13
0.6.1 2014-07-11
per http method rate limit separation (Recipe)
documentation improvements
0.6 2014-06-24
0.5 2014-06-13
0.4.4 2014-06-13
Bug fix
Werkzeug < 0.9 Compatibility (Issue 6.)
0.4.3 2014-06-12
Hotfix : use HTTPException instead of abort to play well with other extensions.
0.4.2 2014-06-12
Allow configuration overrides via extension constructor
0.4.1 2014-06-04
Improved implementation of moving-window X-RateLimit-Reset value.
0.4 2014-05-28
0.3.2 2014-05-26
Bug fix
Memory leak when using Limiter.storage.MemoryStorage (Issue 4.)
Improved test coverage
0.3.1 2014-02-20
Strict version requirement on six
documentation tweaks
0.3.0 2014-02-19
improved logging support for multiple handlers
allow callables to be passed to Limiter.limit decorator to dynamically load rate limit strings.
add a global kill switch in flask config for all rate limits.
Bug fixes
default key function for rate limit domain wasn’t accounting for X-Forwarded-For header.
0.2.2 2014-02-18
add new decorator to exempt routes from limiting.
Bug fixes
versioneer.py wasn’t included in manifest.
configuration string for strategy was out of sync with docs.
0.2.1 2014-02-15
python 2.6 support via counter backport
source docs.
0.2 2014-02-15
Implemented configurable strategies for rate limiting.
Bug fixes
better locking for in-memory storage
multi threading support for memcached storage
0.1.1 2014-02-14
Bug fixes
fix initializing the extension without an app
don’t rate limit static files
0.1.0 2014-02-13
first release.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for Flask_Limiter-1.2.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | e9f59b1f69916f148458698d138b03b1bcabc1bea01ec55dfcf98852d49ddf90 |
|
MD5 | 2c7ba9ce6dee8dd5bbe96ec0a8cc6bcd |
|
BLAKE2b-256 | a50c8c26b89572f424504c0cf2c87d11ed4ea5e454213b6d255aa23408fe8cd4 |