Skip to content
Cloudflare API
Start here
API Reference
Rate Limits

Update a rate limit

Deprecated
client.RateLimits.Edit(ctx, rateLimitID, params) (*RateLimit, error)
PUT/zones/{zone_id}/rate_limits/{rate_limit_id}

Updates an existing rate limit.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Firewall Services Write
ParametersExpand Collapse
rateLimitID string

Defines the unique identifier of the rate limit.

maxLength32
params RateLimitEditParams
ZoneID param.Field[string]

Path param: Defines an identifier.

maxLength32
Action param.Field[RateLimitEditParamsAction]

Body param: The action to perform when the threshold of matched traffic within the configured period is exceeded.

Mode RateLimitEditParamsActionModeoptional

The action to perform.

One of the following:
const RateLimitEditParamsActionModeSimulate RateLimitEditParamsActionMode = "simulate"
const RateLimitEditParamsActionModeBan RateLimitEditParamsActionMode = "ban"
const RateLimitEditParamsActionModeChallenge RateLimitEditParamsActionMode = "challenge"
const RateLimitEditParamsActionModeJSChallenge RateLimitEditParamsActionMode = "js_challenge"
const RateLimitEditParamsActionModeManagedChallenge RateLimitEditParamsActionMode = "managed_challenge"
Response RateLimitEditParamsActionResponseoptional

A custom content type and reponse to return when the threshold is exceeded. The custom response configured in this object will override the custom error for the zone. This object is optional. Notes: If you omit this object, Cloudflare will use the default HTML error page. If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone challenge pages and you should not provide the "response" object.

Body stringoptional

The response body to return. The value must conform to the configured content type.

maxLength10240
ContentType stringoptional

The content type of the body. Must be one of the following: text/plain, text/xml, or application/json.

maxLength50
Timeout float64optional

The time in seconds during which Cloudflare will perform the mitigation action. Must be an integer value greater than or equal to the period. Notes: If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone's Challenge Passage time and you should not provide this value.

maximum86400
minimum1
Match param.Field[RateLimitEditParamsMatch]

Body param: Determines which traffic the rate limit counts towards the threshold.

Headers []RateLimitEditParamsMatchHeaderoptional
Name stringoptional

The name of the response header to match.

Op RateLimitEditParamsMatchHeadersOpoptional

The operator used when matching: eq means "equal" and ne means "not equal".

One of the following:
const RateLimitEditParamsMatchHeadersOpEq RateLimitEditParamsMatchHeadersOp = "eq"
const RateLimitEditParamsMatchHeadersOpNe RateLimitEditParamsMatchHeadersOp = "ne"
Value stringoptional

The value of the response header, which must match exactly.

Request RateLimitEditParamsMatchRequestoptional
Methods []RateLimitEditParamsMatchRequestMethodoptional

The HTTP methods to match. You can specify a subset (for example, ['POST','PUT']) or all methods (['_ALL_']). This field is optional when creating a rate limit.

One of the following:
const RateLimitEditParamsMatchRequestMethodGet RateLimitEditParamsMatchRequestMethod = "GET"
const RateLimitEditParamsMatchRequestMethodPost RateLimitEditParamsMatchRequestMethod = "POST"
const RateLimitEditParamsMatchRequestMethodPut RateLimitEditParamsMatchRequestMethod = "PUT"
const RateLimitEditParamsMatchRequestMethodDelete RateLimitEditParamsMatchRequestMethod = "DELETE"
const RateLimitEditParamsMatchRequestMethodPatch RateLimitEditParamsMatchRequestMethod = "PATCH"
const RateLimitEditParamsMatchRequestMethodHead RateLimitEditParamsMatchRequestMethod = "HEAD"
const RateLimitEditParamsMatchRequestMethod_All RateLimitEditParamsMatchRequestMethod = "_ALL_"
Schemes []stringoptional

The HTTP schemes to match. You can specify one scheme (['HTTPS']), both schemes (['HTTP','HTTPS']), or all schemes (['_ALL_']). This field is optional.

URL stringoptional

The URL pattern to match, composed of a host and a path such as example.org/path*. Normalization is applied before the pattern is matched. * wildcards are expanded to match applicable traffic. Query strings are not matched. Set the value to * to match all traffic to your zone.

maxLength1024
Response RateLimitEditParamsMatchResponseoptional
OriginTraffic booloptional

When true, only the uncached traffic served from your origin servers will count towards rate limiting. In this case, any cached traffic served by Cloudflare will not count towards rate limiting. This field is optional. Notes: This field is deprecated. Instead, use response headers and set "origin_traffic" to "false" to avoid legacy behaviour interacting with the "response_headers" property.

Period param.Field[float64]

Body param: The time in seconds (an integer value) to count matching traffic. If the count exceeds the configured threshold within this period, Cloudflare will perform the configured action.

maximum86400
minimum10
Threshold param.Field[float64]

Body param: The threshold that will trigger the configured mitigation action. Configure this value along with the period property to establish a threshold per period.

minimum1
ReturnsExpand Collapse
type RateLimit struct{…}
ID stringoptional

The unique identifier of the rate limit.

maxLength32
Action RateLimitActionoptional

The action to perform when the threshold of matched traffic within the configured period is exceeded.

Mode RateLimitActionModeoptional

The action to perform.

One of the following:
const RateLimitActionModeSimulate RateLimitActionMode = "simulate"
const RateLimitActionModeBan RateLimitActionMode = "ban"
const RateLimitActionModeChallenge RateLimitActionMode = "challenge"
const RateLimitActionModeJSChallenge RateLimitActionMode = "js_challenge"
const RateLimitActionModeManagedChallenge RateLimitActionMode = "managed_challenge"
Response RateLimitActionResponseoptional

A custom content type and reponse to return when the threshold is exceeded. The custom response configured in this object will override the custom error for the zone. This object is optional. Notes: If you omit this object, Cloudflare will use the default HTML error page. If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone challenge pages and you should not provide the "response" object.

Body stringoptional

The response body to return. The value must conform to the configured content type.

maxLength10240
ContentType stringoptional

The content type of the body. Must be one of the following: text/plain, text/xml, or application/json.

maxLength50
Timeout float64optional

The time in seconds during which Cloudflare will perform the mitigation action. Must be an integer value greater than or equal to the period. Notes: If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone's Challenge Passage time and you should not provide this value.

maximum86400
minimum1
Bypass []RateLimitBypassoptional

Criteria specifying when the current rate limit should be bypassed. You can specify that the rate limit should not apply to one or more URLs.

Name RateLimitBypassNameoptional
Value stringoptional

The URL to bypass.

Description stringoptional

An informative summary of the rule. This value is sanitized and any tags will be removed.

maxLength1024
Disabled booloptional

When true, indicates that the rate limit is currently disabled.

Match RateLimitMatchoptional

Determines which traffic the rate limit counts towards the threshold.

Headers []RateLimitMatchHeaderoptional
Name stringoptional

The name of the response header to match.

Op RateLimitMatchHeadersOpoptional

The operator used when matching: eq means "equal" and ne means "not equal".

One of the following:
const RateLimitMatchHeadersOpEq RateLimitMatchHeadersOp = "eq"
const RateLimitMatchHeadersOpNe RateLimitMatchHeadersOp = "ne"
Value stringoptional

The value of the response header, which must match exactly.

Request RateLimitMatchRequestoptional
Methods []RateLimitMatchRequestMethodoptional

The HTTP methods to match. You can specify a subset (for example, ['POST','PUT']) or all methods (['_ALL_']). This field is optional when creating a rate limit.

One of the following:
const RateLimitMatchRequestMethodGet RateLimitMatchRequestMethod = "GET"
const RateLimitMatchRequestMethodPost RateLimitMatchRequestMethod = "POST"
const RateLimitMatchRequestMethodPut RateLimitMatchRequestMethod = "PUT"
const RateLimitMatchRequestMethodDelete RateLimitMatchRequestMethod = "DELETE"
const RateLimitMatchRequestMethodPatch RateLimitMatchRequestMethod = "PATCH"
const RateLimitMatchRequestMethodHead RateLimitMatchRequestMethod = "HEAD"
const RateLimitMatchRequestMethod_All RateLimitMatchRequestMethod = "_ALL_"
Schemes []stringoptional

The HTTP schemes to match. You can specify one scheme (['HTTPS']), both schemes (['HTTP','HTTPS']), or all schemes (['_ALL_']). This field is optional.

URL stringoptional

The URL pattern to match, composed of a host and a path such as example.org/path*. Normalization is applied before the pattern is matched. * wildcards are expanded to match applicable traffic. Query strings are not matched. Set the value to * to match all traffic to your zone.

maxLength1024
Response RateLimitMatchResponseoptional
OriginTraffic booloptional

When true, only the uncached traffic served from your origin servers will count towards rate limiting. In this case, any cached traffic served by Cloudflare will not count towards rate limiting. This field is optional. Notes: This field is deprecated. Instead, use response headers and set "origin_traffic" to "false" to avoid legacy behaviour interacting with the "response_headers" property.

Period float64optional

The time in seconds (an integer value) to count matching traffic. If the count exceeds the configured threshold within this period, Cloudflare will perform the configured action.

maximum86400
minimum10
Threshold float64optional

The threshold that will trigger the configured mitigation action. Configure this value along with the period property to establish a threshold per period.

minimum1

Update a rate limit

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/option"
  "github.com/cloudflare/cloudflare-go/rate_limits"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  rateLimit, err := client.RateLimits.Edit(
    context.TODO(),
    "372e67954025e0ba6aaa6d586b9e0b59",
    rate_limits.RateLimitEditParams{
      ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
      Action: cloudflare.F(rate_limits.RateLimitEditParamsAction{

      }),
      Match: cloudflare.F(rate_limits.RateLimitEditParamsMatch{

      }),
      Period: cloudflare.F(900.000000),
      Threshold: cloudflare.F(60.000000),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", rateLimit.ID)
}

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "372e67954025e0ba6aaa6d586b9e0b59",
    "action": {
      "mode": "challenge",
      "response": {
        "body": "<error>This request has been rate-limited.</error>",
        "content_type": "text/xml"
      },
      "timeout": 86400
    },
    "bypass": [
      {
        "name": "url",
        "value": "api.example.com/*"
      }
    ],
    "description": "Prevent multiple login failures to mitigate brute force attacks",
    "disabled": false,
    "match": {
      "headers": [
        {
          "name": "Cf-Cache-Status",
          "op": "ne",
          "value": "HIT"
        }
      ],
      "request": {
        "methods": [
          "GET",
          "POST"
        ],
        "schemes": [
          "HTTP",
          "HTTPS"
        ],
        "url": "*.example.org/path*"
      },
      "response": {
        "origin_traffic": true
      }
    },
    "period": 900,
    "threshold": 60
  },
  "success": true
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "372e67954025e0ba6aaa6d586b9e0b59",
    "action": {
      "mode": "challenge",
      "response": {
        "body": "<error>This request has been rate-limited.</error>",
        "content_type": "text/xml"
      },
      "timeout": 86400
    },
    "bypass": [
      {
        "name": "url",
        "value": "api.example.com/*"
      }
    ],
    "description": "Prevent multiple login failures to mitigate brute force attacks",
    "disabled": false,
    "match": {
      "headers": [
        {
          "name": "Cf-Cache-Status",
          "op": "ne",
          "value": "HIT"
        }
      ],
      "request": {
        "methods": [
          "GET",
          "POST"
        ],
        "schemes": [
          "HTTP",
          "HTTPS"
        ],
        "url": "*.example.org/path*"
      },
      "response": {
        "origin_traffic": true
      }
    },
    "period": 900,
    "threshold": 60
  },
  "success": true
}