arcjet/example-flask

Arcjet example: Flask

Arcjet helps developers protect their apps in just a few lines of code. Bot detection. Rate limiting. Email validation. Attack protection. Data redaction. A developer-first approach to security.

This is an example Flask application demonstrating how to protect a website from abuse.

Features

  • Bot protection shows how the site can be protected from automated clients.
  • Rate limiting shows a rate limit configuration that limits the number of requests from a single IP.
  • Attack protection demonstrates Arcjet Shield, which detects suspicious behavior, such as SQL injection and cross-site scripting attacks.

Run locally

  1. Register for a free Arcjet account.

  2. Install dependencies:

uv sync

  3. Rename .env.example to .env and add your Arcjet key.

  4. Start the dev server:

uv run --env-file=.env flask run --reload

  5. Open http://localhost:5000 in your browser.

Try it out

Here are some API routes to try out:

Bot protection

The /bots route uses Arcjet Bot protection to block all automated clients. curl is considered an automated client by default, so you can test it with:

curl -v http://localhost:5000/bots

Rate limiting

The /rate-limiting route uses a fixed window rate limit. Send 3 requests in quick succession to see the rate limit in action:

curl -v http://localhost:5000/rate-limiting

Attack protection

The /attack route uses Arcjet Shield to detect and block attacks, such as SQL injection and cross-site scripting. To simulate an attack, send a request with the special header:

curl -v http://localhost:5000/attack \
  -H "x-arcjet-suspicious: true"

After the 5th request, your IP will be blocked for 15 minutes. Suspicious requests must meet a threshold before they are blocked to avoid false positives.
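
The threshold behaviour described above can be modelled in a few lines. This is an added illustration, not Arcjet's implementation or code from this repository; the class and function names are hypothetical, and it assumes the 5th suspicious request is still served before the block begins.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict

THRESHOLD = 5            # suspicious requests per IP before blocking (from the README)
BLOCK_SECONDS = 15 * 60  # block duration (from the README)


@dataclass
class ThresholdBlocker:
    """Toy model: deny an IP only after repeated suspicious requests."""
    clock: Callable[[], float] = time.monotonic
    strikes: Dict[str, int] = field(default_factory=dict)          # ip -> count
    blocked_until: Dict[str, float] = field(default_factory=dict)  # ip -> expiry

    def decide(self, ip: str, suspicious: bool) -> str:
        now = self.clock()
        until = self.blocked_until.get(ip)
        if until is not None:
            if now < until:
                return "DENY"  # a block covers every request from the IP
            # Block expired: forget the IP's history and start fresh.
            del self.blocked_until[ip]
            self.strikes.pop(ip, None)
        if suspicious:
            self.strikes[ip] = self.strikes.get(ip, 0) + 1
            if self.strikes[ip] >= THRESHOLD:
                # Assumption: the request that reaches the threshold is served;
                # the block applies from the next request onward.
                self.blocked_until[ip] = now + BLOCK_SECONDS
        # Simplification: strikes below the threshold never decay here.
        return "ALLOW"


def simulate():
    """Replay constructed traffic against the model with a fake clock."""
    now = [0.0]
    blocker = ThresholdBlocker(clock=lambda: now[0])
    ip = "203.0.113.7"  # constructed documentation address
    decisions = [blocker.decide(ip, suspicious=True) for _ in range(6)]
    decisions.append(blocker.decide(ip, suspicious=False))   # clean, still blocked
    other = blocker.decide("198.51.100.9", suspicious=True)  # one-off from another IP
    now[0] += BLOCK_SECONDS                                  # 15 minutes later
    after = blocker.decide(ip, suspicious=False)
    return decisions, other, after


if __name__ == "__main__":
    print(simulate())
```

A single odd-looking request from an otherwise quiet IP is never denied in this model, which is the false-positive protection the threshold provides.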

Stack

Need help?

Check out the docs, contact support, or join our Discord server.

Contributing

All development for Arcjet examples is done in the arcjet/examples repository.

You are welcome to open an issue here or in arcjet/examples directly. However, please direct all pull requests to arcjet/examples. Take a look at our contributing guide for more information.
