Advanced Rate Limiting

Contain high precision distributed denial-of-service attacks with granular configuration options.

Count traffic on specific API attributes like tokens, API keys or cookies for API usage limits that ensure availability and stop abuse.

Protect sensitive customer information against brute force login attacks.

Enterprise customers get unmetered advanced rate limiting. Avoid unpredictable costs associated with traffic spikes and enumeration attacks.

TROY HUNT

Founder at HaveIBeenPwned.com

Protect your website URLs or API endpoints from suspicious requests that exceed defined thresholds. Granular configuration options include status codes, specific URLs, request limits, requests methods, and more.

Website and API visitors hitting defined request thresholds can trigger custom responses, such as mitigating actions (challenges or CAPTCHAS), response codes (Error 401 - Unauthorized), timeouts, and blocking.

Gain deep insights into traffic patterns to help scale and protect your resources. See how much malicious traffic is blocked by rule, how many requests make it to your origin, and more.

Cloudflare has been recognized as a Leader in the 2022 "Gartner Magic Quadrant for WAAP" report. We believe this recognition validates that we protect against emerging threats faster, offer tighter integration of security capabilities, and deliver powerful ease of use and deployment.