Skip to main content

A Django framework for application-layer rate limiting

Project description

a framework for implementing rate-limiting middleware for Django projects

CI Status PyPi

Overview

This package allows Django developers to define application-level rate-limiting rules. Often, these rules would be expressed as “max # requests within a defined time period”. E.g.:

  • an IP address may make at most 1500 requests/day

  • users with an OAuth access token may make 500 reads/hour and 200 writes/hour

You can also define leaky bucket-style rules:

  • Allow 10 requests per minute, then every 6 seconds thereafter.

Features

  • Attach rules to specific views using a decorator

  • Supports multiple throttle configurations

  • Use Django’s cache layer as the storage backend, or use Redis scripting for production-ready atomic operations

  • Define request attributes to rate limit (e.g. remote IP address, username, HTTP header value, device fingerprint, etc.)

  • Application-level rate limiting rules using fixed-bucket or generic cell rate algorithm (leaky bucket)

Installation

  1. Install the library with pip:

    sudo pip install django-throttle-requests
  2. Add the directory throttle to your project’s PYTHONPATH.

Usage

  1. Insert the following configuration into your project’s settings:

    THROTTLE_ZONES = {
        'default': {
            'VARY':'throttle.zones.RemoteIP',
            'ALGORITHM': 'fixed-bucket',  # Default if not defined.
            'BUCKET_INTERVAL':15 * 60,  # Number of seconds to enforce limit.
            'BUCKET_CAPACITY':50,  # Maximum number of requests allowed within BUCKET_INTERVAL
        },
    }
    
    # Where to store request counts.
    THROTTLE_BACKEND = 'throttle.backends.cache.CacheBackend'
    
    # Optional if Redis backend is chosen ('throttle.backends.redispy.RedisBackend')
    THROTTLE_REDIS_HOST = 'localhost'
    THROTTLE_REDIS_PORT = 6379
    THROTTLE_REDIS_DB = 0
    THROTTLE_REDIS_AUTH = 'pass'
    
    # Normally, throttling is disabled when DEBUG=True. Use this to force it to enabled.
    THROTTLE_ENABLED = True
  2. Use the @throttle decorator to enforce throttling rules on a view:

    from throttle.decorators import throttle
    
    @throttle(zone='default')
    def myview(request):
       ...
  3. Also works with class-based views:

    from django.views.generic import View
    from django.utils.decorators import method_decorator
    
    from throttle.decorators import throttle
    
    class TestView(View):
    
        @method_decorator(throttle(zone='default'))
        def dispatch(self, *args, **kwargs):
            return super(TestView, self).dispatch(*args, **kwargs)
    
        def head(self, request):
            ...
    
        def get(self, request):
            ...
Code:

https://github.com/sobotklp/django-throttle-requests

Documentation:

https://readthedocs.org/projects/django-throttle-requests/

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-throttle-requests-0.7.0.tar.gz (8.7 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page