Limit requests for non 2xx response globally

[severien]

It would be nice to define global rate limits for non 2xx responses.
Since the limits are tied to the routes it is not possible to define limits for requests that have response other than 2xx. As an example when requests are done for paths that generates a 404 response its not possible to rate limit these requests. This can pose a security risk, where a caller can DDoS on Not Found paths or try to scan your API to find valid paths.

I attempted calling the the limit inside an after_request function to apply a deduct_when function, but noticed that the __check_request_limit is tied to the view routes, so its not possible to call the limiter outside of the decorator scope.

My failed attempt to limit on 404:

    @app.after_request
    def limit_non_success_response(response):
        def deduction():
            return response.status_code >= 400

        global_limiter.limit(
            limit_value="2/minute",
            key_func=throttling_key,
            deduct_when=deduction
        )

        return response

[alisaifee]

This was brought up before in #201 I wonder if that solution works for you?

[alisaifee]

Closing due to inactivity