
Rate limiter blocks access when there are multiple users behind a NAT network

Summary

If multiple users are behind a NAT network, the rate limiter doesn't allow access to the website. If I remember correctly, some mobile broadband ISPs use NAT or at least have previously used NAT.

Steps to reproduce the issue

  1. Open URL http://staging.my-first-project-301714.ew.r.appspot.com/
  2. Hold the F5 key down for a while.
  3. Text "Too Many Requests" is displayed.

Current bug behavior

Rate limiter blocks access to the map.

Expected correct behavior

Map can be accessed even if there are multiple users behind a NAT or a user refreshes the page too often.

Relevant logs and/or screenshots

None

Possible fixes

Staging branch commit 7c2cf734, main.py line 40

https://flask-limiter.readthedocs.io/en/stable/#flask_limiter.util.get_remote_address

Currently the rate limiter works with IP addresses, according to the get_remote_address documentation. Use the rate limiter only for HTTP POST, for example? At least the map page will work then.
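
Added example (not code from this project or from Flask-Limiter): a simplified fixed-window model of IP-keyed limiting, showing how users behind one NAT address share a single counter and what changes when only POST is limited. The class, the limits, the user names and the traffic are constructed for illustration.

```python
# Simplified model of IP-keyed rate limiting; not Flask-Limiter's implementation.
from collections import defaultdict


class FixedWindowLimiter:
    """Fixed-window counter keyed by client address (models get_remote_address keying)."""

    def __init__(self, limit, window_seconds, limited_methods=None):
        self.limit = limit
        self.window = window_seconds
        # None means every method is limited; otherwise only the listed ones.
        self.limited_methods = limited_methods
        self.hits = defaultdict(int)  # (ip, window index) -> request count

    def check(self, remote_addr, method, now):
        """Return the HTTP status the request would receive: 200 or 429."""
        if self.limited_methods is not None and method not in self.limited_methods:
            return 200  # method is exempt, nothing is counted
        bucket = (remote_addr, int(now // self.window))
        self.hits[bucket] += 1
        return 200 if self.hits[bucket] <= self.limit else 429


def replay(limiter, requests):
    """Run (time, user, ip, method) tuples through the limiter; return statuses per user."""
    result = defaultdict(list)
    for now, user, ip, method in requests:
        result[user].append(limiter.check(ip, method, now))
    return dict(result)


# Constructed traffic: three users share one NAT address (RFC 5737 documentation range).
NAT_IP = "203.0.113.7"
TRAFFIC = [(t, user, NAT_IP, "GET")
           for t in range(4) for user in ("alice", "bob", "carol")]
# One user also submits a form repeatedly within the same window.
TRAFFIC += [(4 + i * 0.1, "carol", NAT_IP, "POST") for i in range(7)]


def demo():
    """Return per-user statuses for (all methods limited, only POST limited)."""
    all_methods = replay(FixedWindowLimiter(10, 60), TRAFFIC)
    post_only = replay(FixedWindowLimiter(5, 60, {"POST"}), TRAFFIC)
    return all_methods, post_only


if __name__ == "__main__":
    for label, statuses in zip(("all methods", "POST only"), demo()):
        print(label, statuses)
```

With only POST limited, page loads are never counted, but POST requests from the same NAT address still share one counter.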