Async rate limiter for FastAPI with Redis or in-memory backend and advanced proxy-aware security
Project description
fastapi‑easylimiter
An ASGI async rate-limiting middleware for FastAPI with Redis, designed to handle auto-generated routes (e.g., FastAPI-Users) without decorators, for simplicity and ease of use.
Features
- Path based rules (/api/*, /auth/*, exact matches)
- Fixed & sliding window algorithms (Lua)
- RateLimit, RateLimit-Policy, Retry-After headers
- Bans with back-off per IP with configurable window
- BaseHTTPMiddleware for FastAPI/Starlette
- Async Redis support
- Easy to configure
- No decorators needed
- HTML/JSON error responses
TODO
- In-memory option
- Additional strategies
Installation
```bash
pip install fastapi-easylimiter
```
Usage
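```python
from fastapi import FastAPI
import redis.asyncio as redis
from middleware.rate import RateLimitMiddleware

app = FastAPI()
redis_client = redis.from_url("redis://localhost:6379/0")

app.add_middleware(
    RateLimitMiddleware,
    redis=redis_client,  # pass the client instance, not the redis module
    rules={
        # path pattern: (limit, period, strategy)
        "/*": (200, 60, "fixed"),
        "/api/*": (5, 1000, "sliding"),
        "/api/auth/*": (3, 1, "sliding"),
        "/api/users/me": (2, 30, "fixed"),
    },
    exempt=[],            # paths that bypass rate limits
    enable_bans=True,
    ban_offenses=8,       # offenses before a ban triggers
    ban_window="10m",     # window in which offenses accumulate
    ban_length="5m",      # initial ban length
    ban_max_length="1d",  # ceiling for the escalating ban length
)
```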
Example: /api/auth/login matches /api/auth and /api. If any rule is exceeded → 429 is returned. If banned → 403 is returned.
Redis Key Patterns
| Key Pattern | Example | Type | Used For |
|---|---|---|---|
| rl:Fixe:{hash}:{limit}:{window} | rl:Fixe:a1b2c3d4e5f6a7b8:100:60 | String | Fixed-window counter |
| rl:Slid:{hash}:{limit}:{window} | rl:Slid:a1b2c3d4e5f6a7b8:60:60 | ZSET | Sliding window request log |
| offense:{identifier} | offense:203.0.113.5 | ZSET | Offense tracking for ban escalation |
| ban:{identifier} | ban:203.0.113.5 | String+TTL | Active ban flag |
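The rule evaluation and the two window types, modelled in memory as an added example (not the package's code, which runs Lua on Redis). Glob matching via fnmatch, the shortened periods in RULES, the rule of not logging denied requests and the replay helper are assumptions for illustration; timestamps use the same unit as the rule periods.

```python
import fnmatch
from collections import defaultdict, deque

# Constructed rules in the README's format: pattern -> (limit, period, strategy)
RULES = {"/*": (200, 60, "fixed"),
         "/api/*": (5, 10, "sliding"),
         "/api/auth/*": (3, 10, "fixed")}


class ModelLimiter:
    """In-memory model: every matching rule is checked; any exceeded rule denies."""

    def __init__(self, rules):
        self.rules = rules
        self.counters = defaultdict(int)  # fixed: one counter per window bucket
        self.logs = defaultdict(deque)    # sliding: timestamp log, like the ZSET

    def matching(self, path):
        # Assumption: glob-style matching; the package's own matcher may differ.
        return [p for p in self.rules if fnmatch.fnmatchcase(path, p)]

    def _fixed(self, key, limit, period, now):
        bucket = (key, int(now // period))
        self.counters[bucket] += 1
        return self.counters[bucket] <= limit

    def _sliding(self, key, limit, period, now):
        log = self.logs[key]
        while log and log[0] <= now - period:  # expire entries outside the window
            log.popleft()
        if len(log) >= limit:
            return False
        log.append(now)
        return True

    def check(self, client, path, now):
        """Return 200 if all matching rules allow the request, else 429."""
        ok = True
        for pattern in self.matching(path):
            limit, period, strategy = self.rules[pattern]
            test = self._fixed if strategy == "fixed" else self._sliding
            ok = test((client, pattern), limit, period, now) and ok  # no short-circuit
        return 200 if ok else 429


def replay(times, path="/api/auth/login", client="203.0.113.5"):
    """Replay constructed request timestamps for one client."""
    limiter = ModelLimiter(RULES)
    return [limiter.check(client, path, t) for t in times]
```

Replaying requests at 9.0, 9.1, 9.2, 10.0, 10.1 and 10.2 shows the fixed /api/auth/* counter resetting at the window boundary and admitting the sixth request, which the sliding /api/* rule denies.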
Middleware Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| redis | redis.asyncio.Redis | Yes | Redis async client |
| rules | Dict[str, Tuple[int, int, str]] | Yes | Path → (limit, period, strategy) |
| exempt | Optional[List[str]] | No | Paths that bypass rate limits |
| enable_bans | bool | No | Enable/disable ban system |
| ban_offenses | int | No | Offenses before ban triggers |
| ban_window | str | No | Time window for offense accumulation |
| ban_length | str | No | Initial ban length |
| ban_max_length | str | No | Maximum exponential ban ceiling |
Contributing
Contributions and forks are always welcome! Adapt, improve, or extend for your own needs.
File details
Details for the file fastapi_easylimiter-0.4.1.tar.gz.
File metadata
- Download URL: fastapi_easylimiter-0.4.1.tar.gz
- Upload date:
- Size: 9.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.1
File details
Details for the file fastapi_easylimiter-0.4.1-py3-none-any.whl.
File metadata
- Download URL: fastapi_easylimiter-0.4.1-py3-none-any.whl
- Upload date:
- Size: 9.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.1