Advanced rate limiting and DDoS protection for Python web applications

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for MykeChidi from gravatar.com MykeChidi

Unverified details

These details have not been verified by PyPI
Report project as malware

Project description

RateThrottle

Pypi License: MIT

Advanced rate limiting and DDoS protection for Python web applications.

RateThrottle is a comprehensive rate limiting library that provides enterprise-level features for protecting your APIs and web applications from abuse, with built-in DDoS protection, different storage backends, multiple strategies and seamless integration with popular Python web frameworks.

✨ Features

  • 🚀 Multiple Rate Limiting Strategies

    • Sliding Window Log (default)
    • Token Bucket
    • Leaky Bucket
    • Fixed Window

  • 🛡️ Advanced DDoS Protection

    • Traffic pattern analysis
    • Automatic suspicious activity detection
    • Auto-blocking capabilities

  • 💾 Flexible Storage Backends

    • In-memory (single instance)
    • Redis (distributed/multi-server)
    • Easy to extend with custom backends

  • 🔧 Framework Integration

    • Flask
    • FastAPI
    • Django
    • Starlette
    • Generic WSGI/ASGI support

  • 📊 Monitoring & Analytics

    • Real-time metrics
    • Violation tracking
    • CLI dashboard

  • ⚙️ Configuration Management

    • YAML configuration files
    • Programmatic configuration
    • Hot-reloading support

🚀 Quick Start

Installation

# Basic installation
pip install ratethrottle

# With Redis support
pip install ratethrottle[redis]

# With Flask support
pip install ratethrottle[flask]

# With FastAPI support
pip install ratethrottle[fastapi]

# With Django support
pip install ratethrottle[django]

# Install everything
pip install ratethrottle[frameworks]

Flask Example

from flask import Flask
from ratethrottle import FlaskRateLimiter

app = Flask(__name__)
limiter = FlaskRateLimiter(app)

@app.route('/api/data')
@limiter.limit("100/minute")
def get_data():
    return {'data': 'value'}

@app.route('/api/auth')
@limiter.limit("5/minute")
def login():
    return {'token': 'abc123'}

if __name__ == '__main__':
    app.run()

FastAPI Example

from fastapi import FastAPI
from ratethrottle import FastAPIRateLimiter

app = FastAPI()
limiter = FastAPIRateLimiter()

@app.get("/api/data")
@limiter.limit("100/minute")
async def get_data():
    return {"data": "value"}

Django Example

from django.http import JsonResponse
from ratethrottle import django_ratelimit

@django_ratelimit(limit=100, window=60, key='ip')
def api_view(request):
    return JsonResponse({'data': 'value'})

Standalone Usage

from ratethrottle import RateThrottleCore, RateThrottleRule

# Create limiter
limiter = RateThrottleCore()

# Add rule
rule = RateThrottleRule(
    name='api_limit',
    limit=100,
    window=60,
    strategy='sliding_window'
)
limiter.add_rule(rule)

# Check rate limit
status = limiter.check_rate_limit('192.168.1.100', 'api_limit')

if status.allowed:
    # Process request
    print(f"Request allowed! {status.remaining} requests remaining")
else:
    # Reject request
    print(f"Request blocked! Retry after {status.retry_after} seconds")

📖 Documentation

Rate Limiting Strategies

1. Token Bucket

Best for: APIs with burst allowances

rule = RateThrottleRule(
    name='api_burst',
    limit=100,
    window=60,
    strategy='token_bucket',
    burst=150  # Allow up to 150 tokens in bucket
)

2. Leaky Bucket

Best for: Smooth, constant rate processing

rule = RateThrottleRule(
    name='api_steady',
    limit=100,
    window=60,
    strategy='leaky_bucket'
)

3. Fixed Window

Best for: Simple, efficient rate limiting

rule = RateThrottleRule(
    name='api_window',
    limit=100,
    window=60,
    strategy='fixed_window'
)

4. Sliding Window Log

Best for: Precise rate limiting without edge cases

rule = RateThrottleRule(
    name='api_precise',
    limit=100,
    window=60,
    strategy='sliding_window'
)

Redis Backend (Distributed)

from ratethrottle import create_limiter

# Using Redis for distributed rate limiting
limiter = create_limiter('redis', 'redis://localhost:6379/0')

# Now works across multiple servers!

Configuration Files

Create ratethrottle.yaml:

# Storage backend
storage:
  type: redis
  redis:
    host: localhost
    port: 6379
    db: 0

# Global settings
global:
  enabled: true
  default_strategy: sliding_window
  headers_enabled: true

# Rate limiting rules
rules:
  - name: api_default
    limit: 1000
    window: 3600
    strategy: token_bucket
    
  - name: auth_strict
    limit: 5
    window: 60
    strategy: sliding_window
    block_duration: 900

# DDoS Protection
ddos_protection:
  enabled: true
  threshold: 10000
  auto_block: true
  block_duration: 3600

Load configuration:

from ratethrottle import ConfigManager, RateThrottleCore

config = ConfigManager('ratethrottle.yaml')
limiter = RateThrottleCore()

for rule in config.get_rules():
    limiter.add_rule(rule)

DDoS Protection

from ratethrottle import DDoSProtection

ddos = DDoSProtection({
    'enabled': True,
    'threshold': 10000,
    'window': 60,
    'auto_block': True,
    'block_duration': 3600
})

# Analyze traffic pattern
pattern = ddos.analyze_traffic(
    identifier='192.168.1.100',
    endpoint='/api/data'
)

if pattern.is_suspicious:
    print(f"⚠️ Suspicious activity detected!")
    print(f"Request rate: {pattern.request_rate:.2f} req/s")
    print(f"Suspicion score: {pattern.suspicious_score:.2f}")

Whitelist/Blacklist Management

# Add to whitelist (bypass all limits)
limiter.add_to_whitelist('192.168.1.100')

# Add to blacklist (block all requests)
limiter.add_to_blacklist('192.168.1.200', duration=3600)  # Block for 1 hour

# Remove from blacklist
limiter.remove_from_blacklist('192.168.1.200')

Violation Callbacks

def handle_violation(violation):
    """Custom violation handler"""
    print(f"⚠️ Violation: {violation.identifier}")
    print(f"Rule: {violation.rule_name}")
    print(f"Requests: {violation.requests_made}/{violation.limit}")
    
    # Send alert, log to database, etc.

limiter.register_violation_callback(handle_violation)

Metrics and Monitoring

# Get metrics
metrics = limiter.get_metrics()

print(f"Total requests: {metrics['total_requests']}")
print(f"Blocked requests: {metrics['blocked_requests']}")
print(f"Block rate: {metrics['block_rate']:.2f}%")
print(f"Recent violations: {len(metrics['recent_violations'])}")

# Reset metrics
limiter.reset_metrics()

🖥️ CLI Usage

RateThrottle includes a powerful CLI for monitoring and management:

# Start interactive monitoring dashboard
ratethrottle monitor --config ratethrottle.yaml

# Test rate limiting configuration
ratethrottle test --rule api_default --identifier 192.168.1.100 --requests 150

# Manage whitelist/blacklist
ratethrottle manage --blacklist-add 192.168.1.50 --duration 3600
ratethrottle manage --whitelist-add 10.0.0.5

# View configuration
ratethrottle config --show

# Validate configuration
ratethrottle config --validate

# Export statistics
ratethrottle stats --export report.json

🔧 Advanced Usage

Custom Storage Backend

from ratethrottle import StorageBackend

class CustomStorage(StorageBackend):
    """Custom storage implementation"""
    
    def get(self, key: str):
        # Implement get logic
        pass
    
    def set(self, key: str, value, ttl: int = None):
        # Implement set logic
        pass
    
    def increment(self, key: str, amount: int = 1, ttl: int = None):
        # Implement increment logic
        pass
    
    def delete(self, key: str):
        # Implement delete logic
        pass
    
    def exists(self, key: str) -> bool:
        # Implement exists logic
        pass

# Use custom storage
limiter = RateThrottleCore(storage=CustomStorage())

Custom Rate Limiting Strategy

from ratethrottle.strategies import RateLimitStrategy

class CustomStrategy(RateLimitStrategy):
    """Custom rate limiting strategy"""
    
    def is_allowed(self, identifier, rule, storage):
        # Implement your custom logic
        # Return (allowed: bool, status: RateThrottleStatus)
        pass

📊 Performance

RateThrottle is designed for high performance:

  • In-memory storage: 100,000+ requests/second
  • Redis storage: 50,000+ requests/second (network dependent)
  • Minimal overhead: < 1ms per request check
  • Thread-safe: Safe for concurrent use
  • Memory efficient: Automatic cleanup of expired data

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

📮 Support

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for MykeChidi from gravatar.com MykeChidi

Unverified details

These details have not been verified by PyPI

Release history Release notifications | RSS feed

1.3.3

1.3.1

1.3.0

1.2.2

1.2.0

This version

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ratethrottle-1.0.1.tar.gz (61.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ratethrottle-1.0.1-py3-none-any.whl (48.7 kB view details)

Uploaded Python 3

File details

Details for the file ratethrottle-1.0.1.tar.gz.

File metadata

  • Download URL: ratethrottle-1.0.1.tar.gz
  • Upload date:
  • Size: 61.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for ratethrottle-1.0.1.tar.gz
Algorithm Hash digest
SHA256 6b59f3261959df1f6e9e216946e71d47dc7821931a2ef3d43b2e16b5af7bdecd
MD5 e1bfa5fa2a6c8624e999b5ffcdbab8e2
BLAKE2b-256 42aee3d116d8372b6d9a548cec1b7da0398f7917e55cd002b1997df3d3155457

See more details on using hashes here.

Provenance

The following attestation bundles were made for ratethrottle-1.0.1.tar.gz:

Publisher: publish.yml on MykeChidi/ratethrottle

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ratethrottle-1.0.1-py3-none-any.whl.

File metadata

  • Download URL: ratethrottle-1.0.1-py3-none-any.whl
  • Upload date:
  • Size: 48.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for ratethrottle-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 384737e95e0de431c11b624e331d753fe5f15b51bd4e3599e7a2be5485679bb4
MD5 257ca5071b34ef51b8099d7bf47e63f1
BLAKE2b-256 da1c482605dd4075091c5c3cd1c82946655f705535ea9da5b29f2e74994fad16

See more details on using hashes here.

Provenance

The following attestation bundles were made for ratethrottle-1.0.1-py3-none-any.whl:

Publisher: publish.yml on MykeChidi/ratethrottle

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page