A Django framework for application-layer rate limiting
Project description
a framework for implementing rate-limiting middleware for Django projects
Overview
This package allows Django developers to define application-level rate-limiting rules. Often, these rules would be expressed as “max # requests within a defined time period”. E.g.:
an IP address may make at most 1500 requests/day
users with an OAuth access token may make 500 reads/hour and 200 writes/hour
You can also define leaky bucket-style rules:
Allow 10 requests per minute, then every 6 seconds thereafter.
Features
Attach rules to specific views using a decorator
Supports multiple throttle configurations
Use Django’s cache layer as the storage backend, or use Redis scripting for production-ready atomic operations
Define request attributes to rate limit (e.g. remote IP address, username, HTTP header value, device fingerprint, etc.)
Application-level rate limiting rules using fixed-bucket or generic cell rate algorithm (leaky bucket)
Installation
Install the library with pip:
sudo pip install django-throttle-requests
Add the directory throttle to your project’s PYTHONPATH.
Usage
Insert the following configuration into your project’s settings:
THROTTLE_ZONES = { 'default': { 'VARY':'throttle.zones.RemoteIP', 'ALGORITHM': 'fixed-bucket', # Default if not defined. 'BUCKET_INTERVAL':15 * 60, # Number of seconds to enforce limit. 'BUCKET_CAPACITY':50, # Maximum number of requests allowed within BUCKET_INTERVAL }, } # Where to store request counts. THROTTLE_BACKEND = 'throttle.backends.cache.CacheBackend' # Optional if Redis backend is chosen ('throttle.backends.redispy.RedisBackend') THROTTLE_REDIS_HOST = 'localhost' THROTTLE_REDIS_PORT = 6379 THROTTLE_REDIS_DB = 0 THROTTLE_REDIS_AUTH = 'pass' # Normally, throttling is disabled when DEBUG=True. Use this to force it to enabled. THROTTLE_ENABLED = True
Use the @throttle decorator to enforce throttling rules on a view:
from throttle.decorators import throttle @throttle(zone='default') def myview(request): ...
Also works with class-based views:
from django.views.generic import View from django.utils.decorators import method_decorator from throttle.decorators import throttle class TestView(View): @method_decorator(throttle(zone='default')) def dispatch(self, *args, **kwargs): return super(TestView, self).dispatch(*args, **kwargs) def head(self, request): ... def get(self, request): ...
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for django-throttle-requests-0.7.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5abd8c842ef402541d1eed85ec1e4f731a96bb2601d04527780e19bd6780898c |
|
MD5 | a1314833b94ff1d039a2875ef33eba5f |
|
BLAKE2b-256 | 0c0d987b91c254e2ae87b9edb4f8dc95969105526b485356dc94b386bfce6912 |