Granular controls to block abuse
Advanced rate limiting protects against denial-of-service attacks, brute-force login attempts, API traffic surges and other types of abuse targeting APIs and applications.
Advanced Rate Limiting is integrated with our Web Application Firewall (WAF) and is part of Cloudflare’s application security portfolio.
Enterprise customers get unmetered Advanced Rate Limiting.
Looking for enterprise-grade solutions? Contact Sales
Layer 7 DDoS Mitigation
Contain high precision distributed denial-of-service attacks with granular configuration options.
API Protection
Count traffic on specific API attributes like tokens, API keys or cookies for API usage limits that ensure availability and stop abuse.
Brute Force Protection
Protect sensitive customer information against brute force login attacks.
Transparent and Cost-Effective
Enterprise customers get unmetered advanced rate limiting. Avoid unpredictable costs associated with traffic spikes and enumeration attacks.
This interactive demo provides three different scenarios on how to utilize rate limiting to protect your endpoints from suspicious requests. Select one of the demos below to see rate limiting in action.
This example demonstrates the ability to limit the number of login attempts. Visitors get 2 login attempts per minute. If they exceed this threshold, the will be denied the ability to login for 5 minutes.
Brute Force Login Protection
API Abuse Protection
High Precision DDoS Protection
Login
Attempting login . . .
You have made too many login attempts. Try again in 5 minutes
Login attempt successful and not blocked. Try again
Sophisticated DDoS attacks are difficult to mitigate because they come from a large number of unique IP addresses and mimic legitimate traffic. The demo below uses Rate Limiting to allow up to 2 requests per minute before blocking a potential DDoS attack.
curl -X GET "https://api.cloudflare.com/client/v4/zones/cd7d0123e3012345da9420df9514dad0"
Protect your website URLs or API endpoints from suspicious requests that exceed defined thresholds. Granular configuration options include status codes, specific URLs, request limits, requests methods, and more.
Website and API visitors hitting defined request thresholds can trigger custom responses, such as mitigating actions (challenges or CAPTCHAS), response codes (Error 401 - Unauthorized), timeouts, and blocking.
Gain deep insights into traffic patterns to help scale and protect your resources. See how much malicious traffic is blocked by rule, how many requests make it to your origin, and more.
Cloudflare Rate Limiting
Door dit formulier in te dienen, ga je ermee akkoord informatie van Cloudflare te ontvangen met betrekking tot onze producten, evenementen en speciale aanbiedingen. Je kunt je op elk moment afmelden voor dergelijke berichten. We verkopen je gegevens nooit en we respecteren je privacyvoorkeuren. Raadpleeg ons privacybeleid voor informatie.
To provide you with the best possible experience on our website, we may use cookies, as described here.By clicking accept, closing this banner, or continuing to browse our websites, you consent to the use of such cookies.