Rate limiting for flask applications
Project description
Flask-Limiter adds rate limiting to Flask applications.
You can configure rate limits at different levels such as:
Application wide global limits per user
Default limits per route
By Blueprints
Flask-Limiter can be configured to fit your application in many ways, including:
Persistance to various commonly used storage backends (such as Redis, Memcached, MongoDB & Etcd) via limits
Any rate limiting strategy supported by limits
Follow the quickstart below to get started or read the documentation for more details.
Quickstart
Install
pip install Flask-Limiter
Add the rate limiter to your flask app
# app.py
from flask import Flask
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
app = Flask(__name__)
limiter = Limiter(
get_remote_address,
app=app,
default_limits=["2 per minute", "1 per second"],
storage_uri="memory://",
# Redis
# storage_uri="redis://localhost:6379",
# Redis cluster
# storage_uri="redis+cluster://localhost:7000,localhost:7001,localhost:70002",
# Memcached
# storage_uri="memcached://localhost:11211",
# Memcached Cluster
# storage_uri="memcached://localhost:11211,localhost:11212,localhost:11213",
# MongoDB
# storage_uri="mongodb://localhost:27017",
# Etcd
# storage_uri="etcd://localhost:2379",
strategy="fixed-window", # or "moving-window"
)
@app.route("/slow")
@limiter.limit("1 per day")
def slow():
return "24"
@app.route("/fast")
def fast():
return "42"
@app.route("/ping")
@limiter.exempt
def ping():
return 'PONG'
Inspect the limits using the command line interface
$ FLASK_APP=app:app flask limiter limits
app
├── fast: /fast
│ ├── 2 per 1 minute
│ └── 1 per 1 second
├── ping: /ping
│ └── Exempt
└── slow: /slow
└── 1 per 1 day
Run the app
$ FLASK_APP=app:app flask run
Test it out
The fast endpoint respects the default rate limit while the slow endpoint uses the decorated one. ping has no rate limit associated with it.
$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
42
$ curl localhost:5000/fast
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>2 per 1 minute</p>
$ curl localhost:5000/slow
24
$ curl localhost:5000/slow
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>429 Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>1 per 1 day</p>
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
$ curl localhost:5000/ping
PONG
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for Flask_Limiter-3.8.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 0ab44f586d8cc349412791711b6cbafe8f86e7b60ad9e8f24f2686009f00900e |
|
MD5 | 57af948599a79bfa05d8754b0f7f18a2 |
|
BLAKE2b-256 | b4c5d5a91940f87a645997b1acf0e7ddd97738d01bd819dcb3cbda2552160195 |