Cloudflare Docs
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)

Troubleshoot Rate Limiting (previous version)

A few common rate limiting configuration issues prevent proper request matches:

  • Including HTTP or HTTPS protocol schemes in rule patterns (such as*). To restrict rules to match only HTTP or HTTPS traffic, use the schemes array in the request match. For example, "schemes": [ "HTTPS" ].
  • Forgetting a trailing slash character (/). Cloudflare Rate Limiting only treats requests for the homepage (such as and as equivalent, but not any other path (such as and To match request paths both with and without the trailing slash, use a wildcard match (for example,*).
  • Including a query string or anchor (such as or A rule like will match requests for
  • Overriding a rate limit with IP Access rules.
  • Including a port number (such as Rate Limiting does not consider port numbers within rules. Remove the port number from the URL so that the rate limit rule triggers as expected.

​​ Common API errors

The following common errors may prevent configuring rate limiting rules via the Cloudflare API:  

  • Decoding is not yet implemented – Indicates that your request is missing the Content-Type: application/json header. Add the header to your API request to fix the issue.
  • Ratelimit.api.not_entitled – Enterprise customers must contact their account team before adding rules.