Rate limiting rules
Rate limiting rules allow you to define rate limits for requests matching an expression, and the action to perform when those rate limits are reached.
Like other rules evaluated by Cloudflare’s Ruleset Engine, rate limiting rules have an associated expression and an action.
The expression specifies the criteria you are matching traffic on using the . The action specifies what to perform when there is a match for the rule and any additional conditions are met. In the case of rate limiting rules, the action occurs when the rate reaches the specified limit.
Besides these two parameters, rate limiting rules require the following additional parameters:
- Characteristics — The set of parameters that define how Cloudflare tracks the rate for this rule.
- Period — The period of time to consider (in seconds) when evaluating the rate.
- Requests per period — The number of requests over the period of time that will trigger the rate limiting rule.
- Mitigation timeout — Once the rate is reached, the rate limiting rule blocks further requests for the period of time defined in this field.
Rate limiting rules are available to all customers. The available features depend on the exact plan:
You can configure rate limiting rules at the zone level and at the account level, depending on your plan and product subscriptions.
To configure rate limiting rules in the Cloudflare dashboard, refer to the following resources: