I'm having a problem with SlowAPI. All requests are limited according to the middleware, but I cannot manage to jointly limit all requests under the path /schools/

My code:

from fastapi import FastAPI, Request, Response, status
from fastapi.middleware.cors import CORSMiddleware
from slowapi import Limiter, _rate_limit_exceeded_handler
from slowapi.util import get_remote_address
from slowapi.errors import RateLimitExceeded
from slowapi.middleware import SlowAPIMiddleware

limiter = Limiter(key_func=get_remote_address, default_limits=["2/5seconds"])
app = FastAPI()
app.state.limiter = limiter
app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)

origins = ["http://127.0.0.1/", "http://localhost", "http://192.168.1.75"] ## CORS

app.add_middleware(
    CORSMiddleware,
    allow_origins=origins,
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)
app.add_middleware(SlowAPIMiddleware) ## Rate-limit all request

@app.get('/schools/{regione}/{provincia}/{comune}')
def search_school(request: Request, response: Response, regione: str, provincia: str, comune: str):
        return {"message": 'No schools found!', "status": 'error', "code": 200} ## Or if found return schools informations

@app.get('/testpath/{regione}') ## Works with one path. If I add "provincia" and "comune" non work
def search_school(request: Request, response: Response, regione: str, provincia: str, comune: str):
        return {"message": 'No schools found!', "status": 'error', "code": 200} ## Or if found return schools informations

When i send a request to /schools/{region}/{province}/{city} with jQuery the whole url is limited and therefore if I change region or province the limits are reset. How can I make myself apply settings for /schools/*

Example:

2 request every 5 seconds

If i send to request to apiURL+/schools/Lombardy/Milan/Milan the limit increases by 1 and if i made anothe 2 request at the third I get blocked.

But if instead of making it to the same domain, I change the city (apiURL+/schools/Sicily/Palermo/Palermo), the limit resets and returns to 1

Option 1

Define application_limits when instantiating the Limiter class, as shown below. As per the documentation,

application_limits: a variable list of strings or callables returning strings for limits that are applied to the entire application (i.e., a shared limit for all routes)

Thus, the below would apply a shared limit to all /schools/* routes, as well as any other route that might be in your application (e.g., /testpath/*, /some-other-route/, and so on), meaning that, only two requests per 5 seconds would go through by each client (regardless of the endpoint they would call).

limiter = Limiter(key_func=get_remote_address, application_limits=["2/5seconds"])

Option 2

Apply a shared limit only to the endpoints you wish, using shared_limit. As per the documentation:

shared_limit: Decorator to be applied to multiple routes sharing the same rate limit.

Thus, the below would apply a shared limit only to /schools/* routes.

limiter = Limiter(key_func=get_remote_address, default_limits=["2/5seconds"])

@app.get('/schools/{regione}/{provincia}/{comune}')
@limiter.shared_limit(limit_value="2/5seconds", scope="schools") 
def search_school(request: Request, response: Response, regione: str, provincia: str, comune: str):
        return {"message": 'No schools found!', "status": 'error', "code": 200}