setings設置django
MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'mymiddleware.s1.Throttle', # 自定義中間件 ] ACCESS_LIMIT = 10
自定義中間件session
from django.conf import settings
ACCESS_RECORD = {} # 自定義訪問頻率限制的中間件 class Throttle(MiddlewareMixin): def process_request(self, request): access_limit = settings.ACCESS_LIMIT if hasattr(settings, 'ACCESS_LIMIT') else 60 # 當前請求的IP地址 ip = request.META.get('REMOTE_ADDR') if ip not in ACCESS_RECORD: ACCESS_RECORD[ip] = [] history = ACCESS_RECORD[ip] # 判斷最近的10秒鐘以內這個IP訪問次數是否大於3 now = time.time() # DRF 訪問頻率限制 while history and now - history[-1] > access_limit: history.pop() history.insert(0, now) if len(history) > 3: return HttpResponse('滾')