5

I'm using Django REST Framework to protect my API, with Django throttling that limits the number of requests on an API for anonymous and authenticated users.

The throttling is not working in production mode. By the way, I'm using Ubuntu and an Nginx server for deploying my site.

I used two ways, but neither worked for me. Here is the code. Please help me. I'm a noob in Django.

1st method, which I use, is described below.

views.py

from rest_framework import generics, mixins
from rest_framework.throttling import AnonRateThrottle, UserRateThrottle

# ProductApis (model) and ProductApisSerializers (serializer) are defined
# in the project's own modules.


class SustainedAnon(AnonRateThrottle):
    rate = '100/day'


class BurstAnon(AnonRateThrottle):
    rate = '10/minute'


class SustainedUser(UserRateThrottle):
    rate = '100/day'


class BurstUser(UserRateThrottle):
    rate = '10/min'


class ProductApi(generics.RetrieveAPIView, mixins.CreateModelMixin):
    """
    Provides a get method handler.
    """
    lookup_field = 'puid'
    serializer_class = ProductApisSerializers
    # permission_classes = (IsAuthenticated,)

    # Every throttle listed here is checked on each request to this view.
    throttle_classes = (SustainedAnon, SustainedUser, BurstAnon, BurstUser)

    def get_queryset(self):
        return ProductApis.objects.all()

    def post(self, request, *args, **kwargs):
        return self.create(request, *args, **kwargs)


urls.py

from django.contrib import admin
from django.urls import path, include
from . import views
from rest_framework.urlpatterns import format_suffix_patterns

urlpatterns = [
    path('',views.index, name='index'),
    path('api/<slug:puid>/',views.ProductApi.as_view()),
]

2nd method: DRF

views.py

from rest_framework import generics, mixins
from rest_framework.throttling import AnonRateThrottle, UserRateThrottle


class ProductApi(generics.RetrieveAPIView, mixins.CreateModelMixin):
    """
    Provides a get method handler.
    """
    lookup_field = 'puid'
    serializer_class = ProductApisSerializers
    # permission_classes = (IsAuthenticated,)

    # Rates for these two classes come from DEFAULT_THROTTLE_RATES in settings.py.
    throttle_classes = [UserRateThrottle, AnonRateThrottle]

    def get_queryset(self):
        return ProductApis.objects.all()

    def post(self, request, *args, **kwargs):
        return self.create(request, *args, **kwargs)

settings.py


REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_CLASSES': [
        'rest_framework.throttling.AnonRateThrottle',
        'rest_framework.throttling.UserRateThrottle'
    ],
    'DEFAULT_THROTTLE_RATES': {
        'anon': '20/minute',
        'user': '10/minute',
    }
}

Also, in the first method I didn't make any changes to the settings.py file, while for the 2nd method I added the additional DRF code for controlling throttling.

Both methods do not work for me.

suraj sharma

1 Answer

1

Using LocMemCache in production will lead to random results. Chances are you are using more than one process, which means each will have its own isolated cache. Whatever is cached in one process will not be available to the others.

Using a single process, like you do with runserver, makes the cache consistent.

TL;DR, don't use LocMemCache in production. Use Redis, Memcache or another shared cache instead.

Linovia
  • I have setup MemCache – suraj sharma Oct 15 '19 at 21:16
  • ``` CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'my product ip:11211', } } ``` – suraj sharma Oct 15 '19 at 21:17
  • Then you need to be more specific. What behavior do you expect, and why do you think it is not working? – Linovia Oct 15 '19 at 23:18
  • I want to restrict my API from being used after a certain number of requests. If a user requests 5 times in a minute, then he must be restricted from using my API for the 6th time in the same minute. – suraj sharma Oct 16 '19 at 04:34
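
The effect described in the answer, as an added example that is not part of the original thread and is not DRF's own code: a simplified sliding-window throttle in which plain dicts stand in for the cache, one dict per worker for LocMemCache and one shared dict for Redis or Memcached. The class and function names, the round-robin dispatch and the client key are assumptions made for the illustration.

```python
# Simplified model of a cache-backed sliding-window rate throttle:
# request timestamps are kept in a cache under a per-client key.
# Plain dicts stand in for cache backends (assumption, not DRF source).


class WindowThrottle:
    def __init__(self, cache, limit, window):
        self.cache = cache      # dict standing in for a cache backend
        self.limit = limit      # allowed requests per window
        self.window = window    # window length in seconds

    def allow_request(self, client_key, now):
        history = self.cache.get(client_key, [])
        # Drop timestamps that have fallen out of the window.
        history = [t for t in history if t > now - self.window]
        if len(history) >= self.limit:
            self.cache[client_key] = history
            return False
        history.insert(0, now)
        self.cache[client_key] = history
        return True


def simulate(workers, shared, requests=60, limit=10, window=60):
    """Count accepted requests from one client sent within 30 seconds."""
    one_cache = {}
    throttles = [
        # shared=True: every worker reads and writes the same store.
        # shared=False: each worker gets a private store, like LocMemCache.
        WindowThrottle(one_cache if shared else {}, limit, window)
        for _ in range(workers)
    ]
    allowed = 0
    for i in range(requests):
        # Round-robin dispatch is an assumption; a real server spreads
        # requests less evenly, so the effective limit varies per run.
        worker = throttles[i % workers]
        # Constructed client key (documentation IP range).
        if worker.allow_request("throttle_anon_203.0.113.7", now=i * 0.5):
            allowed += 1
    return allowed


if __name__ == "__main__":
    print("1 worker,  local cache :", simulate(1, shared=False))
    print("4 workers, local caches:", simulate(4, shared=False))
    print("4 workers, shared cache:", simulate(4, shared=True))
```

With a limit of 10 per minute, four workers with private caches let 40 of the 60 requests through, while the same four workers on a shared cache enforce the configured 10.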