Cloudflare's Rate Limiting improves the availability and security of your online assets, such as websites or APIs, by providing extra protection against Layer 7 Denial of Service (DoS) attacks. Layer 7 DoS attacks send high volumes of HTTP requests designed to harm your application. Most of these attacks attempt to make your website or API inaccessible to legitimate users. Some attacks, such as brute-force, try to break through your login page by submitting credential combinations in high frequencies until they crack a legitimate password.
Bad actors continue to make their attacks appear more like legitimate traffic, making it increasingly difficult to block malicious requests without hurting real users. Rate Limiting gives you granular controls to detect bad traffic, customized rulesets to ensure that your legitimate visitors are not impacted, and insights to improve your security posture as attackers evolve.
Rate Limiting shapes how Internet traffic interacts with your application. Prevent brute force password cracking by setting a request threshold across login access points on your website or application. Suspicious IP addresses which trigger detection can be mitigated differently, based on threat level, to help ensure that legitimate users aren’t banned. As a result, real users can continue to login to your applications while truly bad traffic is stopped without consuming backend resources.
Stop abusive traffic targeting your APIs by creating sophisticated detection rules, such as flexible rate limiting thresholds, URI wildcards, and detection criteria based on authentication tokens and origin response. Custom error responses let you provide actionable information for legitimate clients to successfully reach your APIs. Rulesets take less than a minute to replicate throughout our global network.
Rate Limiting mitigates requests that exceed a specified threshold. Mitigation actions can be as benign as logging a request, to presenting visitors a CAPTCHA, or completely blocking any future requests from the source.
For site-wide rate limiting, Rate Limiting lets you configure a maximum number of requests per second across your entire website. Both your domain and subdomains are protected from volumetric requests coming from all IP addresses. Setting request thresholds using Rate Limiting, which matches the capacities of your origin server, provides additional protection against attacks, which can bring down your application, website, or API.
Rate Limiting insights provide information into the type of traffic being mitigated so you can fine-tune your security posture while ensuring availability to legitimate users. Rate Limiting insights tells you which parts of your applications, clients, and geographies are mitigated the most, so you can continue to respond to evolving bad actors and their threats.
All traffic is routed through our next generation, global Content Delivery Network (CDN). Our platform was designed and built from the ground up to integrate emerging technologies to ensure our customers support the most advanced protocols on the web; today and tomorrow.
Our robust suite of security services include DDoS protection, a web application firewall (WAF), cutting edge encryption features, DNSSEC, and much more. Cloudflare operates at the edge of the network, making it possible to identify and mitigate threats before they ever reach your origin.
Cloudflare offers detailed insights, WebSockets support, HTTP/2 and Server Push, IPv6 compatibility, mobile image acceleration, content scraping prevention features, and much more. Cloudflare is backed by global technology powerhouses, including Microsoft, Google, Baidu and Qualcomm.
Set up a domain in less than 5 minutes. Keep your hosting provider. No code changes required.
Everyone’s Internet application can benefit from using Cloudflare.
Pick a plan that fits your needs.