Cloudflare Rate Limiting

Cloudflare's Rate Limiting improves the availability and security of your online assets, such as websites or APIs, by providing extra protection against Layer 7 Denial of Service (DoS) attacks. Layer 7 DoS attacks send high volumes of HTTP requests designed to harm your application. Most of these attacks attempt to make your website or API inaccessible to legitimate users. Some attacks, such as brute-force, try to break through your login page by submitting credential combinations in high frequencies until they crack a legitimate password.

Bad actors continue to make their attacks appear more like legitimate traffic, making it increasingly difficult to block malicious requests without hurting real users. Rate Limiting gives you granular controls to detect bad traffic, customized rulesets to ensure that your legitimate visitors are not impacted, and insights to improve your security posture as attackers evolve.

Sign Up for Early Access

Fill out my online form.

Login Protection

Rate Limiting shapes how Internet traffic interacts with your application. Prevent brute force password cracking by setting a request threshold across login access points on your website or application. Suspicious IP addresses which trigger detection can be mitigated differently, based on threat level, to help ensure that legitimate users aren’t banned. As a result, real users can continue to login to your applications while truly bad traffic is stopped without consuming backend resources.

API Protection

Stop abusive traffic targeting your APIs by creating sophisticated detection rules, such as flexible rate limiting thresholds, URI wildcards, and detection criteria based on authentication tokens and origin response. Custom error responses let you provide actionable information for legitimate clients to successfully reach your APIs. Rulesets take less than a minute to replicate throughout our global network.

Site-Wide Protection

For site-wide rate limiting, Rate Limiting lets you configure a maximum number of requests per second across your entire website. Both your domain and subdomains are protected from volumetric requests coming from all IP addresses. Setting request thresholds using Rate Limiting, which matches the capacities of your origin server, provides additional protection against attacks, which can bring down your application, website, or API.

Insights

Rate Limiting insights provide information into the type of traffic being mitigated so you can fine-tune your security posture while ensuring availability to legitimate users. Rate Limiting insights tells you which parts of your applications, clients, and geographies are mitigated the most, so you can continue to respond to evolving bad actors and their threats.

Additional Benefits

Native CDN Integration

All traffic is routed through our next generation, global Content Delivery Network (CDN). Our platform was designed and built from the ground up to integrate emerging technologies to ensure our customers support the most advanced protocols on the web; today and tomorrow.

Layered Security

Our robust suite of security services include DDoS protection, a web application firewall (WAF), cutting edge encryption features, DNSSEC, and much more. Cloudflare operates at the edge of the network, making it possible to identify and mitigate threats before they ever reach your origin.

Innovative Technology

Cloudflare offers detailed insights, WebSockets support, HTTP/2 and Server Push, IPv6 compatibility, mobile image acceleration, content scraping prevention features, and much more. Cloudflare is backed by global technology powerhouses, including Microsoft, Google, Baidu and Qualcomm.

Setting Up Cloudflare Is Easy

Set up a domain in less than 5 minutes. Keep your hosting provider. No code changes required.

Cloudflare Pricing

Everyone’s Internet application can benefit from using Cloudflare.
Pick a plan that fits your needs.

Free $ 0 /mo per website
Expand to see more
For personal websites, blogs, and anyone who wants to explore Cloudflare.

Learn More

The Free Plan includes all of these features:
  • Limited DDoS protection
  • Global CDN
  • Shared SSL certificate
  • 3 page rules
Compare all features
PRO $ 20 /mo per website
Expand to see more
For professional websites, blogs, and portfolios requiring basic security and performance.

Learn More

The Pro Plan includes all of these features:
  • Basic web application firewall (WAF) with Cloudflare rulesets
  • Image optimizations with Polish™
  • Mobile optimizations with Mirage™
  • I'm Under Attack™ mode
  • 20 page rules
Compare all features
BUSINESS $ 200 /mo per website
Expand to see more
For small eCommerce websites and businesses requiring advanced security and performance, PCI compliance, and prioritized support.

Learn More

The Business Plan includes all of these features:
  • Advanced DDoS protection
  • Advanced web application firewall (WAF) with 25 custom rulesets
  • Custom SSL certificate upload
  • PCI compliance thanks to TLS 1.2 only mode and WAF
  • Accelerate delivery of dynamic content with Railgun™
  • Prioritized support
  • 50 page rules
Compare all features
Enterprise contact us
Expand to see more
For companies requiring enterprise-grade security and performance, 24/7/365 emergency support, and guaranteed uptime across one or more Internet assets.

Learn More

The Enterprise Plan includes all of these features:
  • 24/7/365 enterprise-grade phone and email support
  • 100% uptime guarantee with 25x reimbursement SLA
  • Advanced DDoS protection with prioritized IP ranges
  • Advanced web application firewall (WAF) with unlimited custom rulesets
  • Multiuser role-based account access
  • Multiple custom SSL certificate uploads
  • Access to raw logs
  • Dedicated solution and customer success engineers
  • Access to China CDN points of presence (Additional Cost)
  • 100 page rules
Compare all features

Free

$ 0 / mo
 
For personal websites, blogs, and anyone who wants to explore Cloudflare.

Pro

$ 20 / mo
per domain
For professional websites, blogs, and portfolios requiring basic security and performance.
MOST POPULAR

Business

$ 200 / mo
per domain
For small eCommerce websites and businesses requiring advanced security and performance, PCI compliance, and prioritized support.

Enterprise

Contact Us
 
For companies requiring enterprise-grade security and performance, 24/7/365 emergency support, and guaranteed uptime across one or more Internet assets.