Attack Simulation Parameters
500,000 requests
30%
Python Rate Limiting Implementation
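rate_limiter.py
```python
import hmac

from flask import Flask, request
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address

app = Flask(__name__)

# Keyword arguments work with both older and newer Flask-Limiter constructors.
limiter = Limiter(
    key_func=get_remote_address,  # rate-limit per client IP address
    app=app,
    default_limits=["200 per day", "50 per hour"],
)

API_KEY = "YOUR_SECRET_KEY"  # placeholder; load the real key from configuration


@app.route("/api", methods=["GET"])
@limiter.limit("10/minute")  # per-route limit; replaces the defaults for this route
def api():
    # Compare the supplied key in constant time.
    supplied = request.headers.get("X-API-KEY", "")
    if not hmac.compare_digest(supplied.encode(), API_KEY.encode()):
        return "Unauthorized", 401
    return "Response", 200


if __name__ == "__main__":
    app.run()
```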
Live Mitigation Test
🧩 Bonus Challenge
Implement a basic WAF rule to drop traffic with suspicious User-Agent strings.
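One way to approach the challenge, as an added example that is not part of the original page: a standard-library WSGI middleware that answers 403 before the request reaches the application or its rate limiter. The deny-list patterns, the length cap, and the names `is_suspicious` and `UserAgentFilter` are assumptions chosen for illustration.

```python
import re

# Assumed deny-list of User-Agent patterns (illustrative; tune to your own traffic).
SUSPICIOUS_UA = [re.compile(p, re.IGNORECASE) for p in (
    r"^$",                      # header missing or empty
    r"^python-requests/",       # default UAs of common scripting clients
    r"^curl/",
    r"^go-http-client/",
    r"(sqlmap|nikto|masscan)",  # well-known scanner names
)]
MAX_UA_LENGTH = 512  # assumed cap; oversized headers are dropped too


def is_suspicious(user_agent):
    """Return True if the User-Agent matches the deny-list or exceeds the cap."""
    ua = (user_agent or "").strip()
    if len(ua) > MAX_UA_LENGTH:
        return True
    return any(p.search(ua) for p in SUSPICIOUS_UA)


class UserAgentFilter:
    """WSGI middleware: reply 403 before the wrapped app (and its limiter) runs."""

    def __init__(self, wsgi_app):
        self.wsgi_app = wsgi_app
        self.blocked = 0  # counter to export to monitoring

    def __call__(self, environ, start_response):
        if is_suspicious(environ.get("HTTP_USER_AGENT")):
            self.blocked += 1
            body = b"Forbidden"
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return self.wsgi_app(environ, start_response)


# With the Flask app above: app.wsgi_app = UserAgentFilter(app.wsgi_app)
```

The User-Agent header is client-controlled, so this filter only removes low-effort traffic; the per-IP rate limit and the API key check remain the actual controls.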