How does Rate Limiting work?

I have read the article “How we built rate limiting capable of scaling to millions of domains”.
Well, I think the sliding window algorithm is great! Yet I’m confused about when the increment job runs asynchronously, the request rate in the current minute (in the article, e.g. 18), what does this “rate” mean? I guess it is the total requests in a PoP, but how can we get these numbers efficiently? You know the latency will be high if it spawns a query to the data center per request.
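A sketch of the sliding-window counter the question above refers to, added here as an example; it is not code from the thread, the article or Cloudflare. The class and function names, the locally held counters, and the sample values other than the 18 from the question (42 requests in the previous minute, 15 seconds elapsed, a threshold of 50) are assumptions.

```python
from collections import defaultdict

class SlidingWindowLimiter:
    """Approximate sliding-window limiter: two fixed-window counters per key."""

    def __init__(self, threshold, window=60):
        self.threshold = threshold       # max requests per sliding window
        self.window = window             # window length in seconds
        self.counts = defaultdict(dict)  # key -> {window index: request count}

    def rate(self, key, now):
        """Estimated requests in the `window` seconds ending at `now`."""
        idx, elapsed = divmod(now, self.window)
        buckets = self.counts[key]
        prev = buckets.get(idx - 1, 0)
        curr = buckets.get(idx, 0)
        # Weight the previous window by the share of it that still
        # overlaps the sliding window, then add the current count.
        return prev * (self.window - elapsed) / self.window + curr

    def allow(self, key, now):
        """Decide from the two counters, then count the request."""
        idx = now // self.window
        allowed = self.rate(key, now) < self.threshold
        buckets = self.counts[key]
        # Assumption: blocked requests are counted as well.
        buckets[idx] = buckets.get(idx, 0) + 1
        # Only the current and previous windows are ever read.
        for old in [i for i in buckets if i < idx - 1]:
            del buckets[old]
        return allowed

def demo_rate():
    """Constructed sample: 42 requests last minute, 18 so far this minute."""
    limiter = SlidingWindowLimiter(threshold=50)
    limiter.counts["203.0.113.7"] = {0: 42, 1: 18}
    return limiter.rate("203.0.113.7", now=75)  # 15 s into window 1
```

The decision needs only the previous and current counters for a key, so it can be made from whatever copy of them is nearest; how those counters are kept in sync across machines is outside this sketch.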

Hi,

I’m trying to set up rate limiting for one of my sites but it doesn’t seem to be working for me.
I’m testing with very simple rules like: www.mydomain.com/foo/* in order to protect some API resources I have under that URI. However, even after making sure the rule is set as “Live” and that I’m sending more requests than defined in the threshold, I don’t see any change in behavior, i.e. I can keep sending requests without any restriction.

I’ve also checked and my current IP is not among any whitelist.

Any ideas of what could be happening?

Thanks in advance.

With your current threshold, the total number of requests in the last 24 hours (cumulative) hasn’t exceeded the single-minute threshold set for the rule, according to the analytics information for rate limiting for the control panel.

@cs-cf not sure if I understood you correctly. I have even tried to test setting a threshold of 10 requests per minute and then tried to access more than 10 times per minute and didn’t see any change.

The current threshold is 750. Are you curling the actual API endpoint or a valid URL in your testing? Rate limiting only applies if the request is to origin. A response such as a 404 would be cached by our edge so subsequent requests wouldn’t go to the origin until the cache timed out on the 404 response.

@cs-cf At this moment it’s 750, but as said before I’ve tried with very small values like 10 per minute hitting one endpoint below the current matching URL and even though I see the requests in logs in my origin server, I don’t see it being blocked. I even tried setting the matching URL to ‘*’, and still no luck.

After I tried this, I set it back to 750.

It shows there were matching requests in the UI, so at some point it was logging requests. But I can’t speak to any specifics around them. You might open a support ticket to see if you can reproduce with them using your URL/data.

Hello, I am on the free website plan but have entered my CC details to get further rate limiting quota (beyond the free 10k for all websites).

I just want to know exactly how many requests a server sends to visit or access a page on my website. Is it 1 request to visit a page on my website? It is because I have set a Rate Limiting rule for each IP address of 10 requests per 1 minute, beyond which to block for 1 hour.

The reason for this is I think each page visit results in 1 request, and since I don’t get much traffic (I think no one visits ten pages on my site (if it results in 10 requests = 10 page visits)) I have decided to block any IP that uses more than 10 visits (if it equals 10 requests) in one minute. Is that alright if 1 page visit is 1 request and if I don’t get more than 10 visits in one minute? Thank you for your assistance.

In reference to the latest UI for configuring Rate Limiting, could you please tell me if the list of URLs in the Rate Limiting Bypass field are meant to be comma-separated or separated by carriage returns?
Example: .example.com/api/,.example.com/admin/,.example.com/users/
Or
.example.com/api/
.example.com/admin/
.example.com/users/

Is this still the case with the recent new features of rate limiting?