Rate Limiting
این محتوا هنوز به زبان شما در دسترس نیست.
Rate limiting sets a limit on how many requests one visitor can make in a short time. If someone goes over the limit, nsin slows them down or blocks them for a while. This protects your site from abuse, like someone hammering your login page or trying to overload your server.
When to use rate limiting
Section titled “When to use rate limiting”- Protect your login or sign-up pages from password-guessing.
- Stop someone from scraping (copying your whole site automatically).
- Keep a heavy page (like search) from being overloaded.
- Calm down traffic spikes that could slow your site down for everyone.
Create a rate limit rule
Section titled “Create a rate limit rule”- Go to Rules → Add Rule → Rate Limiting.
- Set the When (which addresses to protect). For example:
/loginto protect your login page.
- Set the limit, which has two parts:
- How many requests are allowed (for example
10). - In how long (for example
1 minute).
- How many requests are allowed (for example
- Choose what happens when someone goes over:
- Block them for a set time, or
- Show a challenge to prove they’re human.
- Save.
A simple example
Section titled “A simple example”Protect login: allow 5 attempts per minute. After that, block for 10 minutes.
This lets normal people log in but stops a program from trying thousands of passwords.
Tips for picking a limit
Section titled “Tips for picking a limit”- Start a little higher than normal use, then lower it if needed.
- Real people are slow; bad bots are fast. A limit that feels generous to humans still stops most bots.
- Watch your traffic for a few days before tightening the limit.
Common questions
Section titled “Common questions”Will this block my real visitors? Not if you set a sensible limit. Most people never come close to it.
Someone hit the limit by accident. The block is temporary — it clears on its own after the time you set.
I want stronger protection. Combine rate limiting with the WAF for the best results.