Rate limiting with django-ratelimit

I was playing around with James Socol’s django-ratelimit tonight. It provides a decorator to rate-limit view functions. Very nice! I wanted to use it for login blocking, and some minor changes helped this out. My forked version of django-ratelimit is available on GitHub. It adds a message when a call is blocked and the ability to clear the count for a given user.

Adding it to django-userena sign-in was as simple as:

In userena/views.py:

from ratelimit.decorators import ratelimit, clear

# Count POSTs per submitted 'identification' value; block after 5 per minute.
@ratelimit(field='identification', rate="5/m", method="POST", block=True, error_message="You have too many invalid login attempts.  Please try again later")
def signin(request, auth_form=AuthenticationForm,.....
    # after successful login
    clear(request, field='identification')  # clear rate limiting
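
To see what a `5/m` limit keyed on the `identification` field and a clear on successful login amount to, here is an added, self-contained example that is not code from django-ratelimit or from the fork. The `LoginRateLimiter` class, the `simulate` helper, the fixed-window policy and the key normalisation are assumptions made for illustration.

```python
import time


class LoginRateLimiter:
    """Fixed-window counter keyed on a submitted form field value."""

    def __init__(self, limit=5, period=60, clock=time.monotonic):
        self.limit = limit      # attempts allowed per window ("5/m" -> 5)
        self.period = period    # window length in seconds ("5/m" -> 60)
        self.clock = clock      # injectable so the window can be tested
        self._counts = {}       # key -> (window_start, attempts)

    @staticmethod
    def _key(identification):
        # Normalise so "Alice " and "alice" share one counter (assumption).
        return identification.strip().lower()

    def hit(self, identification):
        """Record one attempt; return True if allowed, False if blocked."""
        key = self._key(identification)
        now = self.clock()
        start, count = self._counts.get(key, (now, 0))
        if now - start >= self.period:   # window expired: start a new one
            start, count = now, 0
        count += 1
        self._counts[key] = (start, count)
        return count <= self.limit

    def clear(self, identification):
        """Forget the counter, as done after a successful login."""
        self._counts.pop(self._key(identification), None)


def simulate(attempts, limiter, check_password):
    """Run (identification, password) attempts; return one outcome each."""
    outcomes = []
    for ident, password in attempts:
        if not limiter.hit(ident):
            outcomes.append("blocked")    # over the limit: never check password
        elif check_password(ident, password):
            limiter.clear(ident)          # success resets the count
            outcomes.append("ok")
        else:
            outcomes.append("invalid")
    return outcomes
```

Without the `clear` step, a user who mistypes a few times and then logs in correctly would still carry those failures toward the next block.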
