Why is rate limiting so expensive?

Each 10,000 requests cost $0.05.
For example: my rule is 30 requests per 1 min. If a DDoS attack has 10k IPs and they know my rule, they can set their bots to send a request every 2 seconds.

So, it turns out I will spend at least 90$ per hour. (30*10000*60/10000*0.05=90$).

1 Like

Hopefully it won’t end up being so expensive. I would hope that DDoS protection would kick in before then.

I believe someone may have proposed an option to disable paid features if they hit a certain dollar amount. It may be in the Product Requests section:
https://community.cloudflare.com/c/feedback/prodreq

You’d be only charged $90 if these 18 million requests were all legitimate and actually passed. Those which are blocked (the majority hopefully) won’t be charged.

1 Like

Why would they not pass if they know my rule and make fewer requests than set in the rule?

You can create multiple rules for the same paths with different timeframes/rates and penalties. You can also create different rules for different paths with different rates. And on the Business plan you can further refine rules using advanced criteria. Or on an Enterprise plan your account team can likely help you with some flat rate pricing.

2 Likes
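The layered-rule suggestion above, as an added example that is not part of the original thread and not Cloudflare's implementation: a simulation of one client pacing itself at one request every 2 seconds against the 30-per-minute rule alone, then against that rule plus a second rule over a longer timeframe. The sliding-window model and the 300-per-hour rule are hypothetical, and billing only passed requests is an assumption taken from the earlier reply.

```javascript
// Added example: constructed simulation, not Cloudflare's implementation.
const PRICE_CENTS_PER_10K = 5; // $0.05 per 10,000 requests (figure from the thread)

// Sliding-window limiter for one client; each rule is { periodSec, limit }.
// A request passes only if it stays within every rule's limit.
function makeLimiter(rules) {
  const passed = []; // timestamps (seconds) of requests that were allowed
  const longest = Math.max(...rules.map((r) => r.periodSec));
  return function allow(t) {
    // Drop timestamps that have aged out of the longest window.
    while (passed.length && passed[0] <= t - longest) passed.shift();
    for (const { periodSec, limit } of rules) {
      const inWindow = passed.filter((p) => p > t - periodSec).length;
      if (inWindow >= limit) return false; // blocked by this rule
    }
    passed.push(t);
    return true;
  };
}

// One client sending a request every `intervalSec` seconds for `durationSec`.
function simulateClient(rules, intervalSec, durationSec) {
  const allow = makeLimiter(rules);
  let passedCount = 0;
  let blockedCount = 0;
  for (let t = 0; t < durationSec; t += intervalSec) {
    if (allow(t)) passedCount++;
    else blockedCount++;
  }
  return { passed: passedCount, blocked: blockedCount };
}

// Assumption from the earlier reply: only passed requests are charged.
function hourlyCostDollars(passedPerClient, clients) {
  return ((passedPerClient * clients) / 10000) * PRICE_CENTS_PER_10K / 100;
}

const perMinute = { periodSec: 60, limit: 30 };  // the rule from the question
const perHour = { periodSec: 3600, limit: 300 }; // hypothetical second rule

const single = simulateClient([perMinute], 2, 3600);
const layered = simulateClient([perMinute, perHour], 2, 3600);
console.log(single, hourlyCostDollars(single.passed, 10000));
console.log(layered, hourlyCostDollars(layered.passed, 10000));
```

The per-hour limit has to be chosen from real traffic, since a limit that is too low also blocks users who browse heavily for a long session.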

A cheaper way to enforce rate limiting could be building a Cloudflare Worker, but in this case all requests are billable at the rate of $0.50 per million requests.

@adaptive

How so? You would need to build your own database?

The worst thing about this is if that specific website has got a Free Plan on it, you can only choose to block. You can’t challenge them unless you upgrade.

The problem is not all websites are worth the upgrade because the traffic is neither high nor low.

The scraper is currently working around the rate limit by crawling slowly; this indirectly creates more cost.

Certain users tend to open multiple tabs at one shot; some of them might hit the rate limit if I lower it further. That shows a “You have been banned” page, which is pretty much the last thing I would love to show.

Sad. This doesn’t benefit smaller websites. It’s more useful for websites that have heavier traffic.