Rate-limit Flask routes with Flask-Limiter: per-minute, per-user limits, and Redis storage.
Rate Limiting
pip install flask-limiter
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
# Application-wide limiter. Requests are bucketed by the value key_func
# returns; get_remote_address keys on the peer address Flask sees.
# NOTE(review): behind a reverse proxy or load balancer that peer address is
# the proxy's, so all clients would share one bucket unless the app is
# configured to trust the forwarded-for header from exactly the proxies in
# front of it (e.g. werkzeug's ProxyFix). Trusting the header without a proxy
# lets clients pick their own key, so confirm the deployment topology.
limiter = Limiter(
    key_func=get_remote_address,
    app=app,
    # Redis keeps the counters shared across worker processes. This URI has
    # no credentials or TLS, which suits a local instance only.
    storage_uri="redis://localhost:6379",
    # Applied to every route that does not declare its own limit.
    default_limits=["200 per day", "50 per hour"],
)
# The route decorator stays outermost so the limit wraps the registered view.
# Login gets a stricter limit than the defaults. It is counted per limiter
# key (the client address, per the Limiter definition in this file), so it
# slows guessing from one address but does not bound attempts against a
# single account spread over many addresses. Pair it with a per-account
# control (a limit keyed on the submitted username, or lockout/backoff).
@app.route("/api/login", methods=["POST"])
@limiter.limit("5 per minute")
def login():
    """Placeholder login view; the page leaves the body unimplemented."""
# Route-specific limit: this view is limited to 100 requests per hour per
# limiter key, as declared by the decorator below.
@app.route("/api/data")
@limiter.limit("100 per hour")
def data():
    """Placeholder data view; the page leaves the body unimplemented."""
# Routes can opt out of rate limiting entirely. Reserve this for cheap,
# side-effect-free endpoints such as a liveness probe: an exempt route is
# bounded by neither the default limits nor any per-route limit.
@app.route("/health")
@limiter.exempt
def health():
    """Return a constant body for health checks."""
    status = "ok"
    return status
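# Per-user limit
def _user_or_address_key():
    """Return the rate-limit key for the current request.

    Uses the current user's id when one is available and falls back to the
    client address otherwise.

    NOTE(review): current_user is not defined on this page; presumably it is
    Flask-Login's request-bound proxy. Confirm against the real import.
    """
    user_id = getattr(current_user, "id", None)
    if user_id is None:
        # Without this branch a request with no user id either raises
        # AttributeError (a 500 instead of a limit) or lands every such
        # client in one shared "None" bucket that a single client can
        # exhaust for everyone else.
        return get_remote_address()
    return str(user_id)


# NOTE(review): no @app.route is shown for this view on the page. When one is
# added it belongs above @limiter.limit, as on the other routes in this file.
@limiter.limit("10 per minute", key_func=_user_or_address_key)
def api_endpoint():
    """Placeholder view limited to 10 requests per minute per user."""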