☁️
Cloudflare Guides
  • WAF (Web Application Firewall)
    • Guides
      • Log Guide
        • Page 6
        • Page 1
        • Page 2
        • Page 4
      • Block Guide
        • Block a Browser
        • Block a Country
        • Block a Continent
        • Block by IP Address
      • Managed Challenges Guide
        • Managed Challenge IP Range
        • Managed Challenge Browser
        • Managed Challenge Continent
        • Managed Challenge Country
      • Legacy Captcha Guide
        • Legacy CAPTCHA IP Address
        • Legacy CAPTCHA for Country
        • Legacy CAPTCHA by Browser
        • Legacy CAPTCHA Continent
      • Rate Limiting Guide
      • Bots Guide
  • DNS Guide
  • Speed Optimization
  • Fundamentals
  • Network Linux Commands
  • WireShark
  • SSL/TLS
  • DNS Query
Powered by GitBook
On this page
  • Overview
  • Analytics
  • Getting Started
  • Rule Setting
  • Advanced Rule Setting
  1. WAF (Web Application Firewall)
  2. Guides

Rate Limiting Guide

PreviousLegacy CAPTCHA ContinentNextBots Guide

Last updated 2 years ago

Overview

Cloudflare Rate Limiting automatically will identify and stop excessive requests from specific URLs or entire domains. Common uses for Rate Limiting are for DDoS protection, Brute-force protection, API calls, or any resources that make intensive database operations at your origin.

Analytics

You can view the analytics for Rate Limiting in Analytics > Security.

Getting Started

Rule Setting

Start your first rate limiting rule by setting rule settings.

Rule- Name your rule with something that reflects the fields.

Matching the URL- Match the URL that you with the Rate Limiting rule to apply to and add how many requests per 'unit of time'.

Advanced Rule Setting

Choose a method-

HTTP methods

GET- Get method requests a representation of the specified source. Get only retrieves data.

PUT- Put method replaces all current representations of the target resources with the request payload.

DELETE- Deletes the specified resource.

PATCH- Applies partial modifications to the resource.

HEAD- Method asks for a response identical to GET, but without the response body.

HTTP Header- Headers ensure that the correct data is returned to the browser.

Headers contain "Content-Type" which tells the browser the type of content that is returned. Another common one is "Server:" which contains info about the software that is used to handle the HTTP requests.

Choose Response-

The options for responses are: Managed Challenge, Block, Legacy CAPTCHA, Log, and JS Challenge.

Bypass Rule-

Select URLs that you don't want the response to apply to.