AnonRateThrottle in Django REST framework

valentinogagliardi · March 31, 2021, 7:36am

Hi there! I’ve been experimenting with throttling in DRF, and I noticed that rest_framework.throttling.AnonRateThrottle does not work as I was expecting. Does this throttle class limit nonauthenticated users? The following configuration described in DRF docs does work well for authenticated users, but it does not rate limit anonymous users:

REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_CLASSES': [
        'rest_framework.throttling.AnonRateThrottle',
        'rest_framework.throttling.UserRateThrottle'
    ],
    'DEFAULT_THROTTLE_RATES': {
        'anon': '100/day',
        'user': '1000/day'
    }
}

Am I missing something? Thanks!

CodenameTim · March 31, 2021, 10:23pm

That looks correct to me. How are you testing this and what results are you seeing?

Take a look at the DRF source code and how it generates the unique ID for the anonymous user. It’s possible your test case is being considered unique anonymous users.

Topic		Replies	Views
DRF throttling, how to rate limit requests for token users only? Using Django	5	2037	February 26, 2021
DRF throttle monitoring Getting Started	1	1053	April 5, 2023
Django Rest framework how to apply restriction on public api for unauthenticated users? Forms & APIs	10	7109	June 8, 2022
DRF throttle (APIView) Forms & APIs	3	35	August 6, 2024
[SOLVED] AllowAny override does not work on APIView Using Django	2	3477	September 19, 2021

AnonRateThrottle in Django REST framework

Related topics