Rate limiting rule with challenge does not take effect

I am trying to experiment adding a new rate limiting rule that would present a challenge, but it does not have any effect: 1request / 10sec / challenge
Tried both the new and old rules implementations - same result.

To help, you’d need to share some details about how your rule is configured and how you are testing - as well as the output from those tests.

For example, a screenshot of your rule configuration and the output from a cURL loop that exceeds the rate limit - the following would send 2 requests, one after the other (will complete in under 10 seconds, in most cases):

for i in {1..2}; do date; curl https://example.com/my-rate-limited-url -svo /dev/null; done;

Most common cause for this type of issue is you’re not actually testing against Cloudflare and therefore you’re not triggering the rules at all, or the rule configuration is wrong and doesn’t match the test requests you are sending.

1 Like

Solved: there was an “allow” rule in WAF->Tools that bypassed the rate limiting rules for my VPN gateway.

1 Like