Understanding Rate Limiting


These days I’m getting ddos attacks directly to hosted MP4 files in my server, my website is a video streaming website.

I need to detect abusive actions and block them using Rate Limiting but when I do that I also block legitimate requests too.

I’ve created this rules :
PATH : mydomain.com/*.mp4
REQUEST 10 In 10 Seconds Then Block.

But it seems that it block normal users too who try to view videos with HTML Player.

Ive also created a firewall rules to block requests with referrer different from my domain.

If someone has an idea on how to stop these kinds of attacks it will be much appreciated.

:wave: @ibradome

How many .mp4 videos will be delivered per 10 seconds on average? Since video CDN is an ent only service your account team will likely have some suggestions on how best to protect your origins.

— OG