Rate Limiting Guide

Overview

Cloudflare Rate Limiting automatically will identify and stop excessive requests from specific URLs or entire domains. Common uses for Rate Limiting are for DDoS protection, Brute-force protection, API calls, or any resources that make intensive database operations at your origin.

Analytics

You can view the analytics for Rate Limiting in Analytics > Security.

Getting Started

Rule Setting

Start your first rate limiting rule by setting rule settings.

Rule- Name your rule with something that reflects the fields.

Matching the URL- Match the URL that you with the Rate Limiting rule to apply to and add how many requests per 'unit of time'.

Advanced Rule Setting

Choose a method-

HTTP methods

GET- Get method requests a representation of the specified source. Get only retrieves data.

PUT- Put method replaces all current representations of the target resources with the request payload.

DELETE- Deletes the specified resource.

PATCH- Applies partial modifications to the resource.

HEAD- Method asks for a response identical to GET, but without the response body.

HTTP Header- Headers ensure that the correct data is returned to the browser.

Headers contain "Content-Type" which tells the browser the type of content that is returned. Another common one is "Server:" which contains info about the software that is used to handle the HTTP requests.

Choose Response-

The options for responses are: Managed Challenge, Block, Legacy CAPTCHA, Log, and JS Challenge.

Bypass Rule-

Select URLs that you don't want the response to apply to.