Control to block suspicious visitors

Rate Limiting protects against denial-of-service attacks, brute-force login attempts, and other types of abusive behavior targeting the application layer.

Cloudflare’s 42 Tbps global anycast network is 15x bigger than the largest DDoS attack ever recorded, allowing all internet assets on Cloudflare’s network to withstand even massive DDoS attacks.

Rate Limiting provides the ability to configure thresholds, define responses, and gain valuable insights into specific URLs of websites, applications, or API endpoints. It adds granular HTTP/HTTPS traffic control to complement Cloudflare’s DDoS protection and Web Application Firewall (WAF) solutions. Cloudflare charges based on “good” requests i.e requests that match a rule you have created and are allowed to origin servers. This also reduces bandwidth costs by eliminating unpredictable traffic spikes or attacks.

Layer 7 DDoS Mitigation

High precision distributed denial-of-service protection through granular configuration options.

API Protection

API Protection

Set API usage limits to ensure availability and protect against abuse.Brute Force Protection

Brute Force Protection

Protect sensitive customer information against brute force login attacks.Cost Savings

Cost Savings

Avoid unpredictable costs associated with traffic spikes or attacks on auto-scaling resources by only allowing good traffic through.

Configure Thresholds

Protect your website URLs or API endpoints from suspicious requests that exceed defined thresholds. Granular configuration options including request limits, requests methods, and more.

Define Responses

Website and API visitors hitting defined request thresholds can trigger custom responses, such as mitigating actions (challenges or CAPTCHAS), response codes (Error 401 – Unauthorized), timeouts, and blocking.

rate limiting insights 1

Analytical Insight

Gain deep insights into traffic patterns to help scale and protect your resources. See how much malicious traffic is blocked by rule, how many requests make it to your origin, and more.

Only Pay for Good Traffic. Not Bad.

Cloudflare Rate Limiting can be activated for free. Self-serve plans include 10,000 free requests per month and Enterprise plans allow for unlimited rate limiting. We only charge for good traffic passing through the rate limited endpoints of your website or API. Good traffic means requests that do not exceed your rate limited thresholds.

For inquiries, email us at



No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *