Why rate limit so expensive?


Each 10,000 requests coast $0.05.
For example: my rule 30 requests per 1 min. If DDOS atack has 10k IP and they know my rule they can set their bots send request every 2 seconds.

So, It turns out I will spend at least 90$ per hour. (30*10000*60/10000*0.05=90$).



Hopefully it won’t end up being so expensive. I would hope that DDoS protection would kick in before then.

I believe someone may have proposed an option to disable paid features if they hit a certain dollar amount. It may be in the Product Requests section:



You’d be only charged $90 if these 18 million requests were all legitimate and actually passed. Those which are blocked (the majority hopefully) wont be charged.

1 Like


Why would they not pass if they know my rule and make less requests than
set in rule



You can create multiple rules for the same paths with different timeframes/ rates and penalties. You can also create different rules for different paths with different rates. And on the business plan you can further refine rules using advanced criteria. Or on an Enterprise plan your account team can likely help you with some flat rate pricing.



A cheaper way to enforce rate limiting could be building a Cloudflare Worker, but in this case all requests are billable at the rate of $0.50 per million requests.