Expression:
(http.request.uri.path eq "/login" and ip.src.country eq "US" and ip.src ne 192.0.0.1)
Rule characteristics:
- Data center ID (included by default when creating the rule in the dashboard)
- IP Address
The examples below include sample rate limiting rule configurations.
The following rule performs rate limiting on incoming requests from the US addressed at the login page, except for one allowed IP address.
Expression:
(http.request.uri.path eq "/login" and ip.src.country eq "US" and ip.src ne 192.0.0.1)
Rule characteristics:
The following rule performs rate limiting on incoming requests with a given base URI path, incrementing on the IP address and the provided API key.
Expression:
(http.request.uri.path contains "/product" and http.request.method eq "POST")
Rule characteristics:
x-api-key
The following rule performs rate limiting on requests targeting multiple URI paths in two hosts, excluding known bots. The request rate is based on IP address and User-Agent
values.
Expression:
(http.request.uri.path eq "/store" or http.request.uri.path eq "/prices") and (http.host eq "mystore1.com" or http.host eq "mystore2.com") and not cf.client.bot
Rule characteristics:
user-agent