Flaskframework~30 mins

Rate limiting for protection in Flask - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Rate limiting for protection

📖 Scenario: You are building a simple Flask web app that serves a welcome message. To keep your app safe from too many requests in a short time, you want to add rate limiting. This means users can only make a few requests per minute.

🎯 Goal: Build a Flask app with a route / that returns a welcome message. Add rate limiting to allow only 3 requests per minute per user IP address.

📋 What You'll Learn

Create a Flask app with a single route /

Set up a rate limiter that allows 3 requests per minute per IP

Return a simple welcome message from the route

Use the Flask-Limiter extension for rate limiting

💡 Why This Matters

🌍 Real World

Rate limiting protects web apps from too many requests that can overload servers or cause abuse.

💼 Career

Understanding rate limiting is important for backend developers and security engineers to build reliable and secure web services.

Progress0 / 4 steps

Create a basic Flask app with a route

Import Flask from flask. Create a Flask app called app. Define a route / with a function home that returns the string 'Welcome to the site!'.

Flask

from flask import Flask

app = Flask(__name__)

# Define the home route
# Your code here

Need a hint?

Use @app.route('/') to create the route and define a function that returns the welcome message.

Import and configure Flask-Limiter

Import Limiter and HEADERS from flask_limiter. Create a Limiter instance called limiter with app as the Flask app and key_func set to lambda: request.remote_addr. Also import request from flask.

Flask

from flask import Flask, request
from flask_limiter import Limiter, HEADERS

app = Flask(__name__)

# Create limiter with key_func
# Your code here

@app.route('/')
def home():
    return 'Welcome to the site!'

Need a hint?

Use Limiter(app, key_func=lambda: request.remote_addr) to limit by user IP address.

Apply rate limit to the route

Add the decorator @limiter.limit('3 per minute') above the home function to limit requests to 3 per minute per IP.

Flask

from flask import Flask, request
from flask_limiter import Limiter, HEADERS

app = Flask(__name__)

limiter = Limiter(app, key_func=lambda: request.remote_addr)

# Add rate limit decorator here
@app.route('/')
def home():
    return 'Welcome to the site!'

Need a hint?

Put @limiter.limit('3 per minute') just above the home function.

Add app run block for local testing

Add the block if __name__ == '__main__': and inside it call app.run(debug=True) to run the Flask app locally with debug mode.

Flask

from flask import Flask, request
from flask_limiter import Limiter, HEADERS

app = Flask(__name__)

limiter = Limiter(app, key_func=lambda: request.remote_addr)

@app.route('/')
@limiter.limit('3 per minute')
def home():
    return 'Welcome to the site!'

# Add app run block below
# Your code here

Need a hint?

Use the standard Flask app run block to start the server.