Django Custom Middleware for Request/Response Processing

Snippet

Django Custom Middleware for Request/Response Processing

Custom middleware in Django intercepts every request/response cycle, enabling cross-cutting concerns like rate limiting, request logging, and authentication preprocessing. This example demonstrates a rate-limiting middleware that tracks incoming requests per IP address within a sliding time window, returning 429 Too Many Requests when the limit is exceeded while adding rate limit headers to responses for client awareness.

snippet.py

python

import json
from django.http import JsonResponse
from django.utils.deprecation import MiddlewareMixin
 
class RateLimitMiddleware(MiddlewareMixin):
    """Middleware to track and limit API requests per IP address."""
    request_counts = {}
    RATE_LIMIT = 100
    WINDOW_SECONDS = 60
 
    def __init__(self, get_response):
        self.get_response = get_response
        super().__init__()
 
    def process_request(self, request):
        client_ip = request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')[0] or \
                    request.META.get('REMOTE_ADDR', '')
        import time
        current_time = time.time()
 
        if client_ip in self.request_counts:
            timestamps = [t for t in self.request_counts[client_ip] if current_time - t < self.WINDOW_SECONDS]
            self.request_counts[client_ip] = timestamps
 
            if len(timestamps) >= self.RATE_LIMIT:
                return JsonResponse({'error': 'Rate limit exceeded'}, status=429)
 
            timestamps.append(current_time)
        else:
            self.request_counts[client_ip] = [current_time]
 
        request.client_ip = client_ip
        return None
 
    def process_response(self, request, response):
        response['X-RateLimit-Limit'] = str(self.RATE_LIMIT)
        response['X-RateLimit-Remaining'] = str(
            self.RATE_LIMIT - len(self.request_counts.get(getattr(request, 'client_ip', ''), []))
        )
        return response

django

Breakdown

import json

JSON module for potential response serialization

from django.http import JsonResponse

Django response class for JSON data

from django.utils.deprecation import MiddlewareMixin

Deprecated class for backward-compatible middleware

class RateLimitMiddleware(MiddlewareMixin):

Custom middleware class inheriting from MiddlewareMixin

request_counts = {}

Class-level dictionary storing request timestamps per IP

def __init__(self, get_response):

Middleware initialization with response callable

client_ip = request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')[0] or \ request.META.get('REMOTE_ADDR', '')

Extract client IP from headers, handling proxies

if len(timestamps) >= self.RATE_LIMIT:

Check if rate limit exceeded for this IP

return JsonResponse({'error': 'Rate limit exceeded'}, status=429)

Return JSON error response with 429 status code

response['X-RateLimit-Limit'] = str(self.RATE_LIMIT)

Add rate limit headers to outgoing response

Previous snippet Next snippet

More Expert Python exercises →

From your library

Django Custom Middleware for Request/Response Processing

Related