2

I have an issue using django-ratelimit on Heroku: the limiter is not working. I don't get any error. Any suggestions as to what I am doing wrong?

views.py

from django.core.cache import cache
from ratelimit.mixins import RatelimitMixin

[...]

class LoginView(RatelimitMixin, FormView):
    ratelimit_key = 'user'
    ratelimit_rate = '1/5m'
    ratelimit_method = 'GET'
    ratelimit_block = True

    template_name = "account/login.html"
    template_name_ajax = "account/ajax/login.html"
    form_class = LoginUsernameForm
    form_kwargs = {}
    redirect_field_name = "next"

    @method_decorator(sensitive_post_parameters())
    @method_decorator(csrf_protect)
    @method_decorator(never_cache)
    def dispatch(self, *args, **kwargs):
        return super(LoginView, self).dispatch(*args, **kwargs)

    def get(self, *args, **kwargs):
        if is_authenticated(self.request.user):
            return redirect(self.get_success_url())
        return super(LoginView, self).get(*args, **kwargs)

Setting.py

# RATELIMIT SETTINGS
#RATELIMIT_CACHE_PREFIX = 'rl:'
RATELIMIT_ENABLE = True
RATELIMIT_USE_CACHE = 'default'
#RATELIMIT_VIEW = None
ElHombre

1 Answer

1

Just some thoughts on what may be wrong. Please note that I've never used this app, I just had a look at the ratelimit documentation.

Change the ratelimit_key to ip, instead of user.

Since it's on a login page, I believe the user key would have no effect, because it relies on the request.user.

Probably what you want is to use the ip instead.

class LoginView(RatelimitMixin, FormView):
    ratelimit_key = 'ip'
    ratelimit_method = 'POST'

It may require you to change the ratelimit_method to POST. At least it would make more sense to me.

Read more on Ratelimit Keys - Common Keys.

PS: Since you mentioned you have your application deployed on Heroku, there may be an issue with getting the client's IP address, which is probably used by the django-ratelimit app. Read more on this SO question: Get client's real IP address on Heroku.

Vitor Freitas
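An added example, not part of the original question or answer: a callable rate-limit key for the client-IP problem the answer's PS raises, using the `(group, request)` signature django-ratelimit documents for callable keys. It assumes exactly one trusted proxy (the platform router) that appends the connecting address to `X-Forwarded-For`; `client_ip_key`, `TRUSTED_PROXY_HOPS` and `FakeRequest` are hypothetical names, and the sample headers are constructed.

```python
import ipaddress

# Assumption: one trusted proxy (the platform router) sits in front of the app
# and appends the address it saw to X-Forwarded-For.
TRUSTED_PROXY_HOPS = 1


def client_ip_key(group, request):
    """Return the address seen by the trusted proxy, for use as a rate-limit key."""
    meta = request.META
    peer = meta.get("REMOTE_ADDR", "")  # behind a proxy this is the proxy itself
    hops = [h.strip() for h in meta.get("HTTP_X_FORWARDED_FOR", "").split(",")]
    hops = [h for h in hops if h]
    # Entries left of the trusted hop come from the client and can be forged,
    # so count from the right instead of taking the first entry.
    candidate = hops[-TRUSTED_PROXY_HOPS] if len(hops) >= TRUSTED_PROXY_HOPS else peer
    try:
        # Normalise so one client cannot get several buckets via spelling variants.
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return peer  # malformed header: fall back to the socket peer


class FakeRequest:
    """Constructed stand-in for django.http.HttpRequest (only .META is used)."""

    def __init__(self, meta):
        self.META = meta


def demo():
    """Keys produced for constructed requests that all arrive via proxy 10.1.2.3."""
    proxy = "10.1.2.3"
    samples = {
        "plain": {"REMOTE_ADDR": proxy, "HTTP_X_FORWARDED_FOR": "198.51.100.7"},
        # Client sent its own X-Forwarded-For; the router appended the real peer.
        "spoofed": {"REMOTE_ADDR": proxy,
                    "HTTP_X_FORWARDED_FOR": "1.2.3.4, 203.0.113.9"},
        "no_header": {"REMOTE_ADDR": proxy},
        "garbage": {"REMOTE_ADDR": proxy, "HTTP_X_FORWARDED_FOR": "not-an-ip"},
        "ipv6": {"REMOTE_ADDR": proxy, "HTTP_X_FORWARDED_FOR": "2001:DB8::1"},
    }
    return {name: client_ip_key("login", FakeRequest(m)) for name, m in samples.items()}


if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name:10s} -> {key}")
```

In the view, the key would be referenced as the callable or its dotted path (for example `ratelimit_key = 'myapp.ratelimit.client_ip_key'`, a hypothetical module path) in place of `'ip'`.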