Rate limiting for flask applications
Project description
Flask-Limiter provides rate limiting features to flask routes. It has support for a configurable backend for storage with current implementations for in-memory, redis and memcache.
Quickstart
Add the rate limiter to your flask app. The following example uses the default in memory implementation for storage.
from flask import Flask
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
app = Flask(__name__)
limiter = Limiter(
app,
key_func=get_remote_address,
default_limits=["2 per minute", "1 per second"],
)
@app.route("/slow")
@limiter.limit("1 per day")
def slow():
return "24"
@app.route("/fast")
def fast():
return "42"
@app.route("/ping")
@limiter.exempt
def ping():
return 'PONG'
app.run()
Test it out. The fast endpoint respects the default rate limit while the slow endpoint uses the decorated one. ping has no rate limit associated with it.
$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>2 per 1 minute</p>
$ curl localhost:5000/slow
24
$ curl localhost:5000/slow
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>1 per 1 day</p>
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
Changelog
v1.4
Release Date: 2020-08-25
Bug Fix
Always set headers for conditional limits
Skip init_app sequence when the rate limiter is disabled
v1.3.1
Release Date: 2020-05-21
Bug Fix
Ensure headers provided explictely by setting _header_mapping take precedence over configuration values.
v1.3
Release Date: 2020-05-20
Features
Add new deduct_when argument that accepts a function to decorated limits to conditionally perform depletion of a rate limit (Pull Request 248)
Add new default_limits_deduct_when argument to Limiter constructor to conditionally perform depletion of default rate limits
Add default_limits_exempt_when argument that accepts a function to allow skipping the default limits in the before_request phase
Bug Fix
Fix handling of storage failures during after_request phase.
Code Quality
Use github-actions instead of travis for CI
Use pytest instaad of nosetests
Add docker configuration for test dependencies
Increase code coverage to 100%
Ensure pyflake8 compliance
v1.2.1
Release Date: 2020-02-26
Bug fix
Syntax error in version 1.2.0 when application limits are provided through configuration file (Issue 241)
v1.2.0
Release Date: 2020-02-25
Add override_defaults argument to decorated limits to allow combinined defaults with decorated limits.
Add configuration parameter RATELIMIT_DEFAULTS_PER_METHOD to control whether defaults are applied per method.
Add support for in memory fallback without override (Pull Request 236)
Bug fix
Ensure defaults are enforced when decorated limits are skipped (Issue 238)
v1.1.0
Release Date: 2019-10-02
Provide Rate limit information with Exception (Pull Request 202)
Respect existing Retry-After header values (Pull Request 143)
Documentation improvements
v1.0.1
Release Date: 2017-12-08
Bug fix
Duplicate rate limits applied via application limits (Issue 108)
v1.0.0
Release Date: 2017-11-06
v0.9.5.1
Release Date: 2017-08-18
Upgrade versioneer
v0.9.5
Release Date: 2017-07-26
Add support for key prefixes
v0.9.4
Release Date: 2017-05-01
Implemented application wide shared limits
v0.9.3
Release Date: 2016-03-14
Allow reset of limiter storage if available
v0.9.2
Release Date: 2016-03-04
Deprecation warning for default key_func get_ipaddr
Support for Retry-After header
v0.9.1
Release Date: 2015-11-21
Re-expose enabled property on Limiter instance.
v0.9
Release Date: 2015-11-13
In-memory fallback option for unresponsive storage
Rate limit exemption option per limit
v0.8.5
Release Date: 2015-10-05
Bug fix for reported issues of missing (limits) dependency upon installation.
v0.8.4
Release Date: 2015-10-03
Documentation tweaks.
v0.8.2
Release Date: 2015-09-17
Remove outdated files from egg
v0.8.1
Release Date: 2015-08-06
Fixed compatibility with latest version of Flask-Restful
v0.8
Release Date: 2015-06-07
No functional change
v0.7.9
Release Date: 2015-04-02
Bug fix for case sensitive methods whitelist for limits decorator
v0.7.8
Release Date: 2015-03-20
Hotfix for dynamic limits with blueprints
Undocumented feature to pass storage options to underlying storage backend.
v0.7.6
Release Date: 2015-03-02
methods keyword argument for limits decorator to specify specific http methods to apply the rate limit to.
v0.7.5
Release Date: 2015-02-16
v0.7.4
Release Date: 2015-02-03
Use Werkzeug TooManyRequests as the exception raised when available.
v0.7.3
Release Date: 2015-01-30
Bug Fix
- Fix for version comparison when monkey patching Werkzeug
(Issue 24)
v0.7.1
Release Date: 2015-01-09
Refactor core storage & ratelimiting strategy out into the limits package.
Remove duplicate hits when stacked rate limits are in use and a rate limit is hit.
v0.7
Release Date: 2015-01-09
v0.6.6
Release Date: 2014-10-21
Bug fix
Fix for responses slower than rate limiting window. (Issue 17.)
v0.6.5
Release Date: 2014-10-01
Bug fix: in memory storage thread safety
v0.6.4
Release Date: 2014-08-31
Support for manually triggering rate limit check
v0.6.3
Release Date: 2014-08-26
Header name overrides
v0.6.2
Release Date: 2014-07-13
v0.6.1
Release Date: 2014-07-11
per http method rate limit separation (Recipe)
documentation improvements
v0.6
Release Date: 2014-06-24
v0.5
Release Date: 2014-06-13
v0.4.4
Release Date: 2014-06-13
Bug fix
Werkzeug < 0.9 Compatibility (Issue 6.)
v0.4.3
Release Date: 2014-06-12
Hotfix : use HTTPException instead of abort to play well with other extensions.
v0.4.2
Release Date: 2014-06-12
Allow configuration overrides via extension constructor
v0.4.1
Release Date: 2014-06-04
Improved implementation of moving-window X-RateLimit-Reset value.
v0.4
Release Date: 2014-05-28
v0.3.2
Release Date: 2014-05-26
Bug fix
Memory leak when using Limiter.storage.MemoryStorage (Issue 4.)
Improved test coverage
v0.3.1
Release Date: 2014-02-20
Strict version requirement on six
documentation tweaks
v0.3.0
Release Date: 2014-02-19
improved logging support for multiple handlers
allow callables to be passed to Limiter.limit decorator to dynamically load rate limit strings.
add a global kill switch in flask config for all rate limits.
Bug fixes
default key function for rate limit domain wasn’t accounting for X-Forwarded-For header.
v0.2.2
Release Date: 2014-02-18
add new decorator to exempt routes from limiting.
Bug fixes
versioneer.py wasn’t included in manifest.
configuration string for strategy was out of sync with docs.
v0.2.1
Release Date: 2014-02-15
python 2.6 support via counter backport
source docs.
v0.2
Release Date: 2014-02-15
Implemented configurable strategies for rate limiting.
Bug fixes
better locking for in-memory storage
multi threading support for memcached storage
v0.1.1
Release Date: 2014-02-14
Bug fixes
fix initializing the extension without an app
don’t rate limit static files
v0.1.0
Release Date: 2014-02-13
first release.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for Flask_Limiter-1.4-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | f8a65a7874f48ff8df2ea5e86d5b85b48fcbae065ebeb5271b317fe68fcfa979 |
|
MD5 | 974c0b8c3b4a3e2515b7ac433b854a93 |
|
BLAKE2b-256 | 1c661bc848a3d37bed2a4c6cea7b7e39b830b2cd848dc7dde759926bb896f8e8 |