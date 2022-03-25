Common rate limiting use cases

The examples below include sample rate limiting rule configurations that address common rate limiting use cases.

​​ Example 1

The following rule performs rate limiting on incoming requests from the US addressed at the login page, except for one allowed IP address.

Expression:

(http.request.uri.path eq "/login" and ip.geoip.country eq "US" and ip.src ne 192.0.0.1) Rule characteristics: Data center ID (included by default when creating the rule in the dashboard)

IP Address

​​ Example 2

The following rule performs rate limiting on incoming requests with a given base URI path, incrementing on the IP address and the provided API key.

Expression:

(http.request.uri.path contains "/product*" and http.request.method eq "POST") Rule characteristics: Data center ID (included by default when creating the rule in the dashboard)

IP Address

HTTP Header > x-api-key

​​ Example 3

The following rule performs rate limiting on requests targeting multiple URI paths in two hosts, excluding known bots. The request rate is based on IP address and User-Agent values.