Rate limiting with django-ratelimit

I was playing around with James Socol’s django-ratelimit tonight. It provides a decorator to rate-limit view functions. Very nice! I wanted to use it for login blocking, and some minor changes helped this out. My forked version of django-ratelimit is available on GitHub. It adds a message when a call is blocked and the ability to clear the count for a given user.

Adding it to django-userena sign-in was as simple as:

in userena/views.py:


from ratelimit.decorators import ratelimit, clear

@ratelimit(field='identification', rate="5/m", method="POST", block=True,
           error_message="You have too many invalid login attempts.  Please try again later")
@secure_required
def signin(request, auth_form=AuthenticationForm,.....
.
.
.
    # after successful login
    clear(request, field='identification')  # clear rate limiting
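The counting behaviour configured above, as an added sketch that is not code from this post or from django-ratelimit. It assumes a fixed 60-second window, an in-memory dict in place of Django's cache, and that the sixth request in a window is the first one blocked; LoginRateLimiter, replay, PASSWORDS and EVENTS are hypothetical names, and the sample data is constructed.

```python
import time

class LoginRateLimiter:
    """Fixed-window attempt counter keyed on a submitted form field value."""

    def __init__(self, limit=5, period=60):
        self.limit, self.period = limit, period
        self._hits = {}  # key -> (window_start, count)

    @staticmethod
    def _key(field, value):
        # Normalise so "Alice" and "alice " share one counter.
        return f"{field}:{value.strip().lower()}"

    def hit(self, field, value, now=None):
        """Count one request; return True when it exceeds the limit."""
        now = time.time() if now is None else now
        key = self._key(field, value)
        start, count = self._hits.get(key, (now, 0))
        if now - start >= self.period:  # window expired, start a new one
            start, count = now, 0
        self._hits[key] = (start, count + 1)
        return count + 1 > self.limit

    def clear(self, field, value):
        """Drop the counter, as the signin view does after a good login."""
        self._hits.pop(self._key(field, value), None)

# Constructed sample data: (seconds, identification, password).
PASSWORDS = {"alice": "correct-horse"}
EVENTS = ([(t, "alice", "guess") for t in range(5)]          # 5 bad tries
          + [(5, "alice", "guess"), (6, "alice", "correct-horse"),
             (7, "bob", "guess"), (61, "alice", "correct-horse")]
          + [(t, "alice", "guess") for t in range(62, 67)])  # 5 more bad tries

def replay(events=EVENTS, clear_on_success=True):
    """Run the events through a 5/m limiter and return one outcome each."""
    limiter, outcomes = LoginRateLimiter(limit=5, period=60), []
    for now, ident, password in events:
        if limiter.hit("identification", ident, now):
            outcomes.append("blocked")  # rejected before the password check
        elif PASSWORDS.get(ident) == password:
            if clear_on_success:
                limiter.clear("identification", ident)
            outcomes.append("ok")
        else:
            outcomes.append("failed")
    return outcomes

if __name__ == "__main__":
    print(replay())
    print(replay(clear_on_success=False))
```

Because the counter is keyed on the submitted identification, a blocked account also rejects the correct password until the window expires, and attempts against other identifications are counted separately. Without the clear on success, the successful login itself uses up one of the five requests in the new window.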
