Async rate limiter for FastAPI with Redis or in-memory backend and advanced proxy-aware security
Project description
fastapi‑easylimiter
An ASGI async rate-limiting middleware for FastAPI with Redis or in-memory caching, designed to handle auto-generated routes (e.g., FastAPI-Users) without decorators, for simplicity and ease of use.
Features
- Path based rules (
/api/*,/admin/*, exact matches) - Fixed & sliding window strategies (Lua)
RateLimit,RateLimit-Policy,Retry-Afterheaders- Bans with back-off per IP with configurable window
- BaseHTTPMiddleware for FastAPI/Starlette
TODO
- In-memory option
Installation
pip install fastapi-easylimiter
Usage
from fastapi import FastAPI
import redis.asyncio as redis
from middleware.rate import RateLimitMiddleware
app = FastAPI()
redis_client = redis.from_url("redis://localhost:6379/0")
app.add_middleware(
RateLimitMiddleware,
redis=redis,
rules={
"/*": (200, 60, "fixed"),
"/api/*": (5, 1000, "sliding"),
"/api/auth/*": (3, 1, "sliding"),
"/api/users/me": (2, 30, "fixed"),
},
exempt=[],
enable_bans=True,
ban_offenses=8,
ban_window="10m",
ban_length="5m",
ban_max_length="1d",
)
@app.get("/api/hello")
async def hello():
return {"message": "ok"}
Example:
/api/users/mematches/api/usersand/api. If any rule is exceeded →429returned.
Redis Key Patterns
| Key Pattern | Example | Type | Used For |
|---|---|---|---|
rl:Fixe:{hash}:{limit}:{window} |
rl:Fixe:a1b2c3d4e5f6a7b8:100:60 |
String | Fixed-window counter |
rl:Slid:{hash}:{limit}:{window} |
rl:Slid:a1b2c3d4e5f6a7b8:60:60 |
ZSET | Sliding window request log |
offense:{identifier} |
offense:203.0.113.5 |
ZSET | Offense tracking for ban escalation |
ban:{identifier} |
ban:203.0.113.5 |
String+TTL | Active ban flag |
Middleware Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
redis |
redis.asyncio.Redis |
Yes | Redis async client |
rules |
Dict[str, Tuple[int, int, str]] |
Yes | Path → (limit, period, strategy) |
exempt |
Optional[List[str]] |
No | Paths that bypass rate limits |
enable_bans |
bool |
No | Enable/disable ban system |
ban_offenses |
int |
No | Offenses before ban triggers |
ban_window |
str |
No | Time window for offense accumulation |
ban_length |
str |
No | Initial ban length |
ban_max_length |
str |
No | Maximum exponential ban ceiling |
Screenshot
Contributing
Contributions and forks are always welcome! Adapt, improve, or extend for your own needs.
Support
Parts of this code were generated/assisted by AI (Claude, Grok).
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file fastapi_easylimiter-0.4.0.tar.gz.
File metadata
- Download URL: fastapi_easylimiter-0.4.0.tar.gz
- Upload date:
- Size: 10.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
50c5258db6b632e8cfe928d0238a8808a992acf216b9a1787030dd4d10bea990
|
|
| MD5 |
bf39460d569b688f7665f313683ea3ca
|
|
| BLAKE2b-256 |
85e77f9c9c0a645b928db907dec2a217e4c50c83af686fbf6911b35c89dc5cf2
|
File details
Details for the file fastapi_easylimiter-0.4.0-py3-none-any.whl.
File metadata
- Download URL: fastapi_easylimiter-0.4.0-py3-none-any.whl
- Upload date:
- Size: 9.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d59d87da33248b13ae84b9607673803995aa8a05cc712582c7324e363fa987dc
|
|
| MD5 |
ce5fa180542b708cb283e5f3851cca01
|
|
| BLAKE2b-256 |
c749c409238e68c4d1a1e3b939bdd892b07a6f632d725f1fdd879bc7d3e0fc1b
|
