Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kdahlhaus/django-ratelimit
Cache-based rate-limiting for Django
Last synced: 11 days ago
- Host: GitHub
- URL: https://github.com/kdahlhaus/django-ratelimit
- Owner: kdahlhaus
- License: bsd-3-clause
- Fork: true (jsocol/django-ratelimit)
- Created: 2012-12-29T05:23:54.000Z (almost 12 years ago)
- Default Branch: master
- Last Pushed: 2012-12-29T05:54:32.000Z (almost 12 years ago)
- Last Synced: 2024-07-31T19:17:57.863Z (3 months ago)
- Language: Python
- Homepage:
- Size: 105 KB
- Stars: 1
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.rst
- License: LICENSE
Awesome Lists containing this project
- my-awesome-starred - django-ratelimit - Cache-based rate-limiting for Django (Python)
README
================
Django Ratelimit
================

Django Ratelimit provides a decorator to rate-limit views. Limiting can be
based on IP address or a field in the request--either a GET or POST variable.

If the rate limit is exceeded, either a 403 Forbidden can be sent, or the
request can be annotated with a ``limited`` attribute, allowing you to take
another action like adding a captcha to a form.

Using Django Ratelimit
======================

``from ratelimit.decorators import ratelimit`` is the biggest thing you need to
do. The ``@ratelimit`` decorator provides several optional arguments with
sensible defaults (in *italics*).

``ip``:
    Whether to rate-limit based on the IP. *True*
``block``:
    Whether to block the request instead of annotating. *False*
``method``:
    Which HTTP method(s) to rate-limit. May be a string, a list/tuple, or
    ``None`` for all methods. *None*
``field``:
    Which HTTP field(s) to use to rate-limit. May be a string or a list. *None*
``rate``:
    The number of requests per unit time allowed. *5/m*
``error_message``:
    Optional error message passed to the 403 exception. This will be passed.

``from ratelimit.decorators import clear`` can be called to reset the limiting
for a given ip=True/False, field combination. While it is in the decorator
module, it is *not* a decorator.
Examples
--------

::

    from django.http import HttpResponse, HttpResponseRedirect
    from ratelimit.decorators import ratelimit, clear

    @ratelimit()
    def myview(request):
        # Will be true if the same IP makes more than 5 requests/minute.
        was_limited = getattr(request, 'limited', False)
        return HttpResponse()

    @ratelimit(block=True)
    def myview(request):
        # If the same IP makes >5 reqs/min, will return HttpResponseForbidden
        return HttpResponse()

    @ratelimit(field='username')
    def login(request):
        # If the same username OR IP is used >5 times/min, this will be True.
        # The `username` value will come from GET or POST, determined by the
        # request method.
        was_limited = getattr(request, 'limited', False)
        return HttpResponse()

    @ratelimit(method='POST')
    def login(request):
        # Only apply rate-limiting to POSTs.
        return HttpResponseRedirect()

    @ratelimit(field=['username', 'other_field'])
    def login(request):
        # Use multiple field values.
        return HttpResponse()

    @ratelimit(rate='4/h')
    def slow(request):
        # Allow 4 reqs/hour.
        return HttpResponse()

    @ratelimit(field='username')
    def login(request):
        # If the same username OR IP is used >5 times/min, this will be True.
        # The `username` value will come from GET or POST, determined by the
        # request method.
        was_limited = getattr(request, 'limited', False)

        # if user logged in OK:
        clear(field='username')

        return HttpResponse()
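
The "username OR IP" keying and the effect of ``clear`` described above, as an added sketch that is not django-ratelimit's own code: ``FixedWindowLimiter``, ``parse_rate`` and ``demo`` are hypothetical names, a dict stands in for the Django cache, and fixed-window counting and the unit letters are assumptions.

```python
import time

UNITS = {"s": 1, "m": 60, "h": 3600}  # assumed unit letters for this sketch

def parse_rate(rate):
    """Turn a rate string such as '5/m' into (max_requests, window_seconds)."""
    count, unit = rate.split("/")
    return int(count), UNITS[unit]

class FixedWindowLimiter:
    """Hypothetical limiter; a dict stands in for the Django cache."""

    def __init__(self, rate="5/m", clock=time.time):
        self.limit, self.window = parse_rate(rate)
        self.clock = clock
        self.store = {}  # key -> (window_start, hits)

    def _keys(self, ip, fields):
        keys = ["ip:" + ip] if ip else []
        return keys + ["field:%s:%s" % kv for kv in sorted((fields or {}).items())]

    def _hit(self, key):
        now = self.clock()
        start, hits = self.store.get(key, (now, 0))
        if now - start >= self.window:  # window over: start counting afresh
            start, hits = now, 0
        self.store[key] = (start, hits + 1)
        return hits + 1

    def is_limited(self, ip=None, fields=None):
        # Count against every key (list, not generator, so none is skipped);
        # the request is limited if ANY key is over: "username OR IP".
        return any([self._hit(k) > self.limit for k in self._keys(ip, fields)])

    def clear(self, ip=None, fields=None):
        for key in self._keys(ip, fields):
            self.store.pop(key, None)

def demo():
    now = [0.0]
    lim = FixedWindowLimiter("5/m", clock=lambda: now[0])
    # Constructed traffic: six source IPs each try the same username once.
    spread = [lim.is_limited("203.0.113.%d" % i, {"username": "alice"}) for i in range(6)]
    lim.clear(fields={"username": "alice"})  # e.g. after a successful login
    after_clear = lim.is_limited("203.0.113.50", {"username": "alice"})
    # Constructed traffic: one IP tries six different usernames.
    one_ip = [lim.is_limited("198.51.100.7", {"username": "u%d" % i}) for i in range(6)]
    now[0] += 60  # a minute later the window has rolled over
    next_window = lim.is_limited("198.51.100.7", {"username": "u0"})
    return spread, after_clear, one_ip, next_window
```

Keying on the field as well as the IP is what catches guesses against one account that arrive from many addresses; an IP-only key would have let all six requests in the first batch through.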
Acknowledgements
================

I would be remiss not to mention `Simon Willison`_'s ratelimitcache_, on which
this is largely based.

.. _Simon Willison: http://simonwillison.net/
.. _ratelimitcache: https://github.com/simonw/ratelimitcache