GithubHelp home page GithubHelp logo

k0rventen / flask-gatekeeper Goto Github PK

View Code? Open in Web Editor NEW
1.0 3.0 0.0 2.89 MB

A (very) simple banning & rate limiting extension for Flask.

Home Page: https://k0rventen.github.io/flask-gatekeeper/

License: MIT License

Python 100.00%
flask python rate-limiting banning

flask-gatekeeper's Introduction

flask-gatekeeper

A simple banning & rate limiting extension for Flask.

PyPI - Status PyPI - Version PyPI - Downloads

It's not meant to be a replacement for other, more complex banning & rate limiting modules like flask-Limiter or flask-ipban.

It has the following specificities:

  • no dependencies,
  • quite fast due to the use of collections.deque,
  • in-memory storage (no persistence across restarts).

Full documentation can be found here: https://k0rventen.github.io/flask-gatekeeper/

Getting started

Install

pip install flask-gatekeeper

Sample usage

Here is a demo app showing the main capabilities of flask-gatekeeper :

# import flask-gatekeeper along flask
from flask import Flask
from flask_gatekeeper import GateKeeper 

app = Flask(__name__)
gk = GateKeeper(app, # or use .init_app(app) later 
                ip_header="x-my-ip", # optionnal header to use for the client IP (e.g if using a reverse proxy)
                ban_rule={"count":3,"window":10,"duration":600}, # 3 reports in a 10s window will ban for 600s
                rate_limit_rules=[{"count":20,"window":1},{"count":100,"window":10}], # rate limiting will be applied if over 20 requests in 1s or 100 requests in 10s
                excluded_methods=["HEAD"]) # do not add HEAD requests to the tally 

# By default, all routes will use the rate limiting we defined above:

@app.route("/ping") # this route is rate limited by the global rule
def ping():
    return "ok",200

@app.route("/login") # also rate limited by the global rule
def login():
    if request.json.get("password") == "password":
        return token,200
    else:
        gk.report() # report the request's IP, after 3 reports in this case the IP will be banned 
        return "bad password",401

# we can specify different rate limiting rules using decorators

@app.route("/global_plus_specific")
@gk.specific(rate_limit_rules=[{"count":1,"window":2}]) # add another rate limit on top of the global one (to avoid bursting for example)
def specific():
    return "ok",200

@app.route("/standalone")
@gk.specific(rate_limit_rules=[{"count":10,"window":3600}],standalone=True) # rate limited only by this rule
def standalone():
    return "ok",200

@app.route("/bypass")
@gk.bypass # do not apply anything on that route
def bypass():
    return "ok",200


app.run("127.0.0.1",5000)

Copy that in a file or your REPL, then try the various endpoints.

flask-gatekeeper's People

Contributors

k0rventen avatar

Stargazers

avatar

Watchers

avatar avatar avatar

flask-gatekeeper's Issues

Only bans for 60s

The app only seems to ban for 60s when it should be banning for 600 seconds or more. And when you gk,report() an already banned ip it still serves the page because they are not banned on that page. It would be nice to be able to ban the IP from all pages since hacktools usually try a bunch of URLs really fast, it would be nice to ban them from the entire site where a gk.report() is used. Am I missing something or does this app only ban for 60s? Please Fix, or suggest a working replacement.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.