Rate limiting | Netlify Docs
<section class="wrapper__content"><header class="content__default"><h1>Rate limiting</h1></header> <div class="content__default"><div class="pricing"><p class="pricing-message">This feature is available on <a href='https://www.netlify.com/pricing/?category=enterprise' target='_blank' class='pricing-link'>Enterprise</a> plans and requires High-Performance Edge.</p></div> <p>Rate limit your sites with highly-customizable rate limiting rules, which you can apply across your team’s sites in rulesets defined in the Netlify UI. 
You can also define rules in your site’s code for a specific deploy or site.</p> <p>Rate limiting is a part of <a href="/security/secure-access-to-sites/#netlify-advanced-web-security">Netlify Advanced Web Security</a>, which offers extra security features designed for enterprise and advanced security needs.</p> <p>Note that rate limiting rules are evaluated after <a href="/security/secure-access-to-sites/traffic-rules/">Firewall Traffic Rules</a> and <a href="/security/secure-access-to-sites/web-application-firewall/">Web Application Firewall (WAF)</a> rules. Learn more about <a href="/security/secure-access-to-sites/#rule-precedence">rule precedence</a>.</p> <h2 id="overview"><a href="#overview" class="header-anchor">#</a> Overview</h2> <p>As a Team Owner, you can create rate limiting rules in the following ways:</p> <ul><li>in rulesets you create in the Netlify UI, which you can then apply to a site’s <a href="#published-and-unpublished-deploys">published or unpublished deploys</a></li> <li>in your site’s code for <a href="/routing/redirects/">redirects</a>, <a href="/functions/overview/">functions</a> and <a href="/edge-functions/overview/">edge functions</a></li></ul> <p>Here are some general guidelines that may help you decide how and when to set up these rules:</p> <ul><li>Set up rate limiting rules in the Netlify UI to establish rules across all new and existing sites in your team quickly with a team policy and get more help setting up your rulesets. Track ruleset changes in your audit log.</li> <li>Set up programmatic rate limiting rules in your site’s code to test out rules for a single deploy before merging into your production branch and to track rate limiting rule changes in code. You can add rules in the code for redirects, serverless functions, or edge functions. Note that if a deploy has its own unique rate limiting rules committed in code, these will take precedence over other rate limiting rules created in the Netlify UI. 
Learn more about <a href="#rule-evaluation-order">rule evaluation order</a>.</li></ul> <p>Learn more about <a href="/security/secure-access-to-sites/rate-limiting/#set-rate-limiting-rules-in-ui">rate limiting rules set in the UI</a> and <a href="/security/secure-access-to-sites/rate-limiting/#set-rate-limiting-rules-in-code">programmatic rate limiting rules</a>.</p> <h3 id="use-cases"><a href="#use-cases" class="header-anchor">#</a> Use cases</h3> <ul><li><strong>Mitigate a DDoS attack.</strong> While Netlify offers automatic DDoS detection, rate limiting, and blocking to keep your site reliable, you can now preemptively customize rate limiting rules for your site and apply these rules to all sites in your team by default with a <a href="#configure-a-team-policy-ruleset">team policy</a>. Note that Netlify’s automatic DDoS protection can activate before your own custom limits are triggered.</li> <li><strong>Protect your backend.</strong> Protect your site’s backend by limiting traffic for all requests to your site instead of just requests from certain IP addresses. This helps your site avoid server crashes and slow response times.</li> <li><strong>Prevent web scraping.</strong> Limit requests from a single IP address or user agent to preserve content integrity and prevent unauthorized access to sensitive information. Because an IP address can be shared by many visitors and the user agent is supplied by the client, treat these limits as a way to slow bulk collection rather than as access control, and keep sensitive information behind authentication.</li> <li><strong>Enforce fair API usage.</strong> Limit the number of API calls that a client can make within a 60-second period to prevent API abuse and keep the API available and high-performing for all.</li> <li><strong>Reduce bot traffic.</strong> Prioritize requests from real site visitors by limiting requests from bots that can overwhelm the server. 
This is especially important during times of high traffic, such as for flash sales, promotions, or viral content.</li> <li><strong>Optimize bandwidth usage.</strong> Limit requests that use up a lot of bandwidth, such as requests to access articles and media files, and requests related to data transfer.</li> <li><strong>Target a malicious actor.</strong> Limit requests to your site based on the number of requests to a domain from a certain IP address.</li></ul> <h3 id="examples"><a href="#examples" class="header-anchor">#</a> Examples</h3> <p>For more detailed examples of how to set up a rate limit rule for different use cases, check out our official <a href="https://developers.netlify.com/guides/safeguard-your-sites-from-abuse-with-netlify-rate-limiting" target="_blank" rel="noopener noreferrer">Developer Hub guide on safeguarding your sites from abuse</a>.</p> <h2 id="set-rate-limiting-rules-in-ui"><a href="#set-rate-limiting-rules-in-ui" class="header-anchor">#</a> Set rate limiting rules in UI</h2> <p>Define and manage rate limiting rules in the Netlify UI. To ensure that a ruleset is always applied to your team’s sites, you can set up a team policy in the UI that enforces a ruleset for all new and existing sites.</p> <p>When you configure rate limit rules in the UI, you can specify what action should occur when a rate limit is triggered:</p> <ul><li><strong>Block</strong>: this action blocks requests with a standard <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/429" target="_blank" rel="noopener noreferrer">429 status code</a>.</li> <li><strong>Rewrite to path:</strong> this action rewrites the request path with a new relative path that you specify. 
For example, you can rewrite requests to your own customized rate limit error page with a relative path such as <code>/rate_limit_page.html</code>.</li></ul> <p>When a Team Owner creates, edits, deletes, or applies a rate limiting ruleset in the Netlify UI, these actions are logged in the <a href="/accounts-and-billing/team-management/team-audit-log/">Team audit log</a>. Rate limit rules are <code>read-only</code> for the <a href="/accounts-and-billing/team-management/roles-and-permissions/#developer">Developer</a> role.</p> <div id="rule-conditions" class="legacy-anchor"></div> <h3 id="rule-conditions-defined-in-the-ui"><a href="#rule-conditions-defined-in-the-ui" class="header-anchor">#</a> Rule conditions defined in the UI</h3> <p>Optimize your rate limiting rules for different use cases with different rule conditions, which define when a rate limit rule is triggered.</p> <p>You can trigger a rate limit rule when values match or equal one or more of the following:</p> <ul><li>Connection IP address</li> <li>Geolocation</li> <li>Request path</li> <li>Cookie</li> <li>HTTP header</li></ul> <p>Below are some rule condition triggers and examples of the values they accept in the UI.</p> <table><thead><tr><th>Rule condition trigger</th> <th>Supported value format</th> <th>Examples</th></tr></thead> <tbody><tr><td>Connection IP</td> <td>IP address, in <a href="https://www.freecodecamp.org/news/subnet-cheat-sheet-24-subnet-mask-30-26-27-29-and-other-ip-address-cidr-network-references/" target="_blank" rel="noopener noreferrer">CIDR notation</a>, of either the user accessing the site or the proxy set up to access the site</td> <td><code>155.255.355.0/24</code> <br> <br> Shows the CIDR format only; in a real rule, each IPv4 octet must be between 0 and 255</td></tr> <tr><td>Geolocation</td> <td>Text</td> <td>Enter a country name, then select a country/subregion</td></tr> <tr><td>Path</td> <td>Text or regex</td> <td><code>/api/v1/.*</code> <br> <br> For requests that proxy to an API</td></tr> <tr><td>Cookie</td> <td>Text or regex</td> <td>Set <code>session_key</code> to 
match <code>.*</code> value <br> <br> Will match requests with a <code>session_key</code> value, even if the value for that key is empty</td></tr> <tr><td>HTTP Header</td> <td>Text or regex</td> <td>Set <code>Authorization</code> Header to match a specific API token value <code>Bearer ABUSIVE_TOKEN</code><br> <br> Can set up a rule that rate limits a specific API token</td></tr></tbody></table> <h3 id="published-and-unpublished-deploys"><a href="#published-and-unpublished-deploys" class="header-anchor">#</a> Published and unpublished deploys</h3> <p>Optimize your rate limiting rules for published or unpublished deploys.</p> <p>A published deploy is the current live deploy at a site’s main URL. Once a different deploy becomes live at the site’s main URL, that deploy becomes the published deploy for that site.</p> <p>An unpublished deploy can be a Deploy Preview, a branch deploy, or any other deploy not published at your site’s main URL, such as a new production deploy that has not published because you <a href="/site-deploys/manage-deploys/#locked-deploys">locked an older published deploy</a>.</p> <p>Learn more in our <a href="/site-deploys/overview/#definitions">deploys docs</a>.</p> <h3 id="limitations"><a href="#limitations" class="header-anchor">#</a> Limitations</h3> <p>The rate limiting feature includes these limits:</p> <ul><li>Each ruleset must have at least 1 rule.</li> <li>100 rules maximum per ruleset.</li> <li>A maximum of 2 rate limiting rulesets can be set per site — one for published deploys and one for unpublished deploys. You can apply the same ruleset to both or use two different ones.</li></ul> <h3 id="how-request-counts-are-calculated"><a href="#how-request-counts-are-calculated" class="header-anchor">#</a> How request counts are calculated</h3> <p>By default, Netlify calculates requests globally instead of by region. 
To set a limit for a specific region, you can add rule conditions that specify the geolocation/subregion you want the rule to apply to.</p> <p>You can specify how you’d like Netlify to count requests for each rule with our <a href="#request-aggregation-options">request aggregation options</a> in the Netlify UI.</p> <p>When calculating requests, there may be a window of time between when a client passes a limit and when Netlify starts enforcing the limit. This latency is minor and expected to be less than a second. Adding rules to your site won’t impact latency when serving assets.</p> <p>Given all the variations in traffic patterns, we recommend you try different settings to find what works best for your site and site visitors. Some experimentation is especially helpful when considering how much you want to optimize a site’s rate limiting to enforce a hard limit versus a more approximate limit.</p> <h3 id="request-aggregation-options"><a href="#request-aggregation-options" class="header-anchor">#</a> Request aggregation options</h3> <p>When creating a rule in the Netlify UI, under <strong>Request aggregation</strong>, you can choose between two different ways to calculate requests:</p> <ul><li><p><strong>Per domain (default)</strong>: all site visitors are limited to a shared limit with a specified number of requests per 60 seconds. This option is good for protecting your backend no matter who is visiting your site.</p></li> <li><p><strong>Per domain and IP address:</strong> each site visitor is limited to a specified number of requests per 60 seconds. 
This option is good for targeting potential bad actors.</p></li></ul> <h4 id="request-calculation-for-rate-limiting-per-domain"><a href="#request-calculation-for-rate-limiting-per-domain" class="header-anchor">#</a> Request calculation for rate limiting per domain</h4> <p>When you rate limit <strong>by domain</strong>, once the number of requests goes above the limit during the specified time period, we start banning the IPs with the highest rate.</p> <p>For example, if you set a limit of 300 requests, once the site reaches that limit, we ban the IP address with the highest request rate. We then adjust the currently counted requests with the traffic we’ve just banned, so other lower rate IPs are not affected.</p> <p>This means you may notice more than 300 requests for that time interval because, by banning those high rate IPs, there’s more request budget for other lower rate IPs. This continues until the request rate is under the defined limit.</p> <p>So if one IP address is behind most of the traffic, then you may detect a seesaw (repeated up and down) traffic pattern in your web traffic monitoring tools.</p> <p>When calculating the request count, Netlify assigns a weight to IP addresses based on the number of requests and how recently the requests were made. 
This allows Netlify to prioritize rate limiting IP addresses that are currently generating the largest amount of traffic until the desired limit is reached.</p> <h3 id="example-request-calculation-for-set-of-rules"><a href="#example-request-calculation-for-set-of-rules" class="header-anchor">#</a> Example request calculation for set of rules</h3> <p>To explain how we calculate requests, here’s an example ruleset:</p> <p>Rule 1: Protect homepage</p> <ul><li>Rule triggered when requests match path <code>/index.html</code></li> <li>Limit: 10 requests per 60 seconds</li> <li>Action: Block and return 429 error</li> <li>Request aggregation: By domain (default)</li></ul> <p>Rule 2: Limit known API abusers</p> <ul><li>Rule triggered when requests have the header <code>Authorization</code> that equals <code>Bearer ABUSIVE-TOKEN</code>.</li> <li>Limit: 5 requests per 60 seconds</li> <li>Action: Block and return 429 error</li> <li>Request aggregation: By domain (default)</li></ul> <p>If the example ruleset above is applied to your site and your site has requests to path <code>/index.html</code> with an <code>Authorization</code> header with the same <code>Bearer ABUSIVE-TOKEN</code> value from rule 2, then we will count requests for both rules and start applying the first rule that has been triggered, by order of the definition you set in the UI.</p> <ul><li>If there are 7 requests per 60 seconds, then rule 2 is applied since rule 1’s threshold hasn’t been crossed</li> <li>If there are 10 requests per 60 seconds, then rule 2 is applied, since rule 1’s threshold hasn’t been crossed (you need 11 requests to cross it)</li> <li>If there are 20 requests per 60 seconds, then rule 1 is applied, since rule 1’s threshold has been crossed and is defined first. 
Although, rule 2 is triggered as well with 20 requests, we only apply one action (block with a 429 status code) per request.</li></ul> <div id="manage-rulesets" class="legacy-anchor"></div> <h3 id="manage-rulesets-in-the-ui"><a href="#manage-rulesets-in-the-ui" class="header-anchor">#</a> Manage rulesets in the UI</h3> <p>Rate limiting rules are managed in rulesets, which can be edited and applied to sites. Any changes in a ruleset take effect on all sites where the ruleset applies.</p> <p>Only Team Owners can create, edit, or delete a ruleset.</p> <p>A site can have a maximum of two rulesets applied, one for published deploys and one for unpublished deploys.</p> <p>Learn more in the next sections:</p> <ul><li><a href="#create-a-ruleset">Create a ruleset</a></li> <li><a href="#edit-a-ruleset">Edit a ruleset</a></li> <li><a href="#delete-a-ruleset">Delete a ruleset</a></li></ul> <h4 id="create-a-ruleset"><a href="#create-a-ruleset" class="header-anchor">#</a> Create a ruleset</h4> <p>To create a ruleset:</p> <ol><li><p>As a Team Owner, go to <div aria-label="Navigation path" class="nav-path-container"><strong>Team settings <span aria-hidden="true">></span> Access & security <span aria-hidden="true">></span> Rate Limiting <span aria-hidden="true">></span> Team rulesets</strong></div>.</p></li> <li><p>Select <strong>Create ruleset</strong>.</p></li> <li><p>Enter your ruleset name and description.</p></li> <li><p>Select <strong>Add a rule</strong> and follow the prompts. You can add up to 100 rules for a ruleset. When you add a rule, you can specify the following:</p> <ul><li><strong>Rule condition:</strong> defines when the rule is triggered. For an overview of your options, check out the <a href="#rule-conditions">rule conditions table</a>.</li> <li><strong>Limit:</strong> defines the number of requests allowed per 60 seconds.</li> <li><strong>Request aggregation:</strong> defines how we calculate and apply the limit for your rule. 
Includes <strong>Per domain (default)</strong> (ideal to protect your site’s backend) or <strong>Per domain and IP address</strong> (ideal to target a potential bad actor).</li> <li><strong>Action:</strong> defines what happens when the rate limit threshold is crossed. The action is applied for 60 seconds. Currently supports these actions: <ul><li><strong>Block:</strong> this action blocks access to the site and returns a <code>429</code> status code.</li> <li><strong>Rewrite to path:</strong> this action rewrites the request path with a new relative path that you specify. For example, you can rewrite requests to your own customized rate limit error page with a relative path such as <code>/rate_limit_page.html</code>.</li></ul></li></ul></li> <li><p>Confirm your rule by selecting <strong>Add rule</strong>.</p></li> <li><p>Optionally, repeat steps 4 and 5 to add more rules to your ruleset as needed.</p></li> <li><p>Save your ruleset.</p></li></ol> <p>Next, you can make your ruleset the <a href="#configure-a-team-policy-ruleset">team policy</a> or <a href="#apply-a-ruleset-to-a-site">apply it to an individual site</a>.</p> <h4 id="edit-a-ruleset"><a href="#edit-a-ruleset" class="header-anchor">#</a> Edit a ruleset</h4> <p>To edit a ruleset:</p> <ol><li><p>As a Team Owner, go to <div aria-label="Navigation path" class="nav-path-container"><strong>Team settings <span aria-hidden="true">></span> Access & security <span aria-hidden="true">></span> Rate Limiting <span aria-hidden="true">></span> Team rulesets</strong></div>.</p></li> <li><p>From your <strong>Team rulesets</strong>, select the ruleset you want to edit.</p></li> <li><p>Under your ruleset description, choose <strong>Edit ruleset</strong>.</p></li> <li><p>Make your changes and save.</p></li></ol> <p>Your ruleset’s updates will take effect in all sites where the ruleset is applied.</p> <h4 id="delete-a-ruleset"><a href="#delete-a-ruleset" class="header-anchor">#</a> Delete a ruleset</h4> <p>To delete a 
ruleset:</p> <ol><li><p>As a Team Owner, go to <div aria-label="Navigation path" class="nav-path-container"><strong>Team settings <span aria-hidden="true">></span> Access & security <span aria-hidden="true">></span> Rate Limiting <span aria-hidden="true">></span> Team Rulesets</strong></div>.</p></li> <li><p>From your <strong>Team rulesets</strong>, select the ruleset you want to delete.</p></li> <li><p>Under your ruleset description, choose <strong>Delete ruleset</strong>.</p></li></ol> <p>The ruleset will no longer apply to your sites.</p> <h3 id="apply-a-ruleset-to-a-site"><a href="#apply-a-ruleset-to-a-site" class="header-anchor">#</a> Apply a ruleset to a site</h3> <p>Only Team Owners can apply a ruleset to a site from the <strong>Site Configuration</strong> page in the Netlify UI.</p> <p>To apply a ruleset to a site:</p> <ol><li><p>For the desired site, go to <div aria-label="Navigation path" class="nav-path-container"><strong>Site configuration <span aria-hidden="true">></span> Access & security <span aria-hidden="true">></span> Rate limiting</strong></div>.</p></li> <li><p>Under <strong>Rulesets for [site name]</strong>, select <strong>Manage rulesets</strong>.</p></li> <li><p>Choose a ruleset option to apply to your site’s published deploys and/or unpublished deploys and select <strong>Save</strong>. If you already have a team policy ruleset configured, then you can override the team policy ruleset with a different ruleset.</p></li></ol> <div id="configure-a-team-policy-ruleset" class="legacy-anchor"></div> <h3 id="configure-a-team-policy-ruleset-in-the-ui"><a href="#configure-a-team-policy-ruleset-in-the-ui" class="header-anchor">#</a> Configure a team policy ruleset in the UI</h3> <p>To rate limit your team’s sites with a default ruleset, configure a team policy for your site’s published deploys and/or unpublished deploys.</p> <p>The team policy ruleset applies to all new and existing sites in your team. 
A Team Owner can override the team policy ruleset with a different ruleset for one site at a time.</p> <p>A maximum of 2 rate limiting rulesets can be set per site — one for published deploys and one for unpublished deploys. You can apply the same ruleset to both or use two different ones.</p> <p>As a Team Owner, to configure a team policy:</p> <ol><li><p>Go to <div aria-label="Navigation path" class="nav-path-container"><strong>Team settings <span aria-hidden="true">></span> Access & security <span aria-hidden="true">></span> Rate Limiting <span aria-hidden="true">></span> Team policy rulesets</strong></div>.</p></li> <li><p>Select <strong>Configure team policy</strong>.</p></li> <li><p>Choose a ruleset option for published deploys and/or unpublished deploys, then save your changes.</p></li></ol> <h2 id="set-rate-limiting-rules-in-code"><a href="#set-rate-limiting-rules-in-code" class="header-anchor">#</a> Set rate limiting rules in code</h2> <p>Set up programmatic rate limiting rules in your site code to do the following:</p> <ul><li>supplement the rules you enforce through the Netlify UI</li> <li>manage your rules in code using version control</li> <li>test out some rules for a single deploy before these rules apply across your site for multiple deploys</li></ul> <p>You can define programmatic rate limiting rules in your site’s code for <a href="/routing/redirects/">redirects</a>, <a href="/functions/overview/">functions</a> and <a href="/edge-functions/overview/">edge functions</a>.</p> <p>Note that Netlify calculates requests globally instead of by region for programmatic rules, just like Netlify does for rules defined in the Netlify UI.</p> <h3 id="rule-evaluation-order"><a href="#rule-evaluation-order" class="header-anchor">#</a> Rule evaluation order</h3> <p>Programmatic rate limiting rules are activated and enforced before any rate limiting rulesets that are defined in the Netlify UI.</p> <p>Netlify evaluates rate limiting rules in this order:</p> 
<ol><li>Edge functions</li> <li>Serverless functions</li> <li>Redirects</li> <li>Rulesets defined in the Netlify UI</li></ol> <h3 id="define-a-limit-in-code"><a href="#define-a-limit-in-code" class="header-anchor">#</a> Define a limit in code</h3> <div id="example-of-how-limits-are-calculated " class="legacy-anchor"></div> <p>The same general rate limiting calculations apply. Note that a programmatic rate limiting rule can only execute on the path you’ve defined for that rule.</p> <p>For example, if you set up the following:</p> <ul><li>a function on path <code>/function_path</code> with a rate limit rule</li> <li>a rewrite rule on path <code>/rewrite_path</code> that rewrites to <code>function_path</code></li></ul> <p>Then this is how requests to our CDN will result:</p> <ul><li>The rate limit rule is applied when there’s a request to <code>/function_path</code></li> <li>The rate limit rule <strong>is not</strong> applied when there's a request to <code>/rewrite_path</code></li></ul> <h4 id="define-a-limit-for-a-redirect-rule"><a href="#define-a-limit-for-a-redirect-rule" class="header-anchor">#</a> Define a limit for a redirect rule</h4> <p>In this example, there’s a redirect rule defined in a <code>netlify.toml</code> file:</p> <div class="language-toml extra-class"><pre class="language-toml"><code><span class="token key property">from</span> <span class="token punctuation">=</span> <span class="token string">"/some-path"</span> <span class="token key property">to</span> <span class="token punctuation">=</span> <span class="token string">"/function-path"</span> <span class="token key property">status</span> <span class="token punctuation">=</span> <span class="token number">200</span> <span class="token punctuation">[</span><span class="token table class-name">redirects.rate_limit</span><span class="token punctuation">]</span> <span class="token key property">window_limit</span> <span class="token punctuation">=</span> <span class="token number">50</span> 
</code></pre></div><p>In this redirect rule example, there is a limit of 50 requests for every 60 seconds.</p> <h4 id="define-a-limit-for-a-function"><a href="#define-a-limit-for-a-function" class="header-anchor">#</a> Define a limit for a function</h4> <p>In this example, a programmatic rate limit rule is defined for a function:</p> <div class="language-ts extra-class"><pre class="language-ts"><code><span class="token keyword">export</span> <span class="token keyword">default</span> <span class="token keyword">async</span> <span class="token punctuation">(</span>request<span class="token operator">:</span> Request<span class="token punctuation">,</span> context<span class="token operator">:</span> Context<span class="token punctuation">)</span> <span class="token operator">=></span> <span class="token punctuation">{</span> <span class="token comment">// ...</span> <span class="token punctuation">}</span><span class="token punctuation">;</span> <span class="token keyword">export</span> <span class="token keyword">const</span> config<span class="token operator">:</span> Config <span class="token operator">=</span> <span class="token punctuation">{</span> path<span class="token operator">:</span> <span class="token string">"/function-path"</span><span class="token punctuation">,</span> rateLimit<span class="token operator">:</span> <span class="token punctuation">{</span> windowLimit<span class="token operator">:</span> <span class="token number">100</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span><span class="token punctuation">;</span> </code></pre></div><h4 id="calculate-a-limit-for-a-function-and-redirect-rule"><a href="#calculate-a-limit-for-a-function-and-redirect-rule" class="header-anchor">#</a> Calculate a limit for a function and redirect rule</h4> <p>If you have programmatic rate limiting rules set up for the <a href="#define-a-limit-for-a-function">function</a> and <a 
href="#define-a-limit-for-a-redirect-rule">redirect</a> examples shared above, then this is the order that Netlify enforces them:</p> <ol><li>If a request hits our CDN on <code>/some-path</code>, the 50 request limit applies</li> <li>If a request hits our CDN on <code>/function-path</code>, the 100 request limit applies</li> <li>If there’s another function also on <code>/some-path</code>, both that function’s limit and the redirect limit apply.</li></ol> <h3 id="track-rules-in-the-build-log"><a href="#track-rules-in-the-build-log" class="header-anchor">#</a> Track rules in the build log</h3> <p>You can find programmatic rules definitions for a relevant deploy and any related errors in your build log under <strong>Post-processing</strong>.</p> <p>Note the following:</p> <ul><li>An error for a programmatic rule definition cannot make the build fail.</li> <li>If your build fails for a deploy, then programmatic rules for that deploy will not apply.</li></ul> <h3 id="redirect-examples"><a href="#redirect-examples" class="header-anchor">#</a> Redirect examples</h3> <p>Programmatic rate limiting rules for redirects are only supported for redirects defined in <code>netlify.toml</code> and not those defined in a <code>_redirects</code> file.</p> <p>In this example, there’s a proxy redirect rule to an external API that you own. You can define a rate limit rule directly within your redirect definition, which will protect your API against unexpected increases in traffic. 
Here there’s a defined limit of 50 requests per client IP for every window length (each window is 60 seconds).</p> <div class="language-toml extra-class"><pre class="language-toml"><code><span class="token comment"># use-case: protecting external proxy</span> <span class="token punctuation">[</span><span class="token punctuation">[</span><span class="token table class-name">redirects</span><span class="token punctuation">]</span><span class="token punctuation">]</span> <span class="token key property">from</span> <span class="token punctuation">=</span> <span class="token string">"/search"</span> <span class="token key property">to</span> <span class="token punctuation">=</span> <span class="token string">"https://api.mysearch.com"</span> <span class="token key property">status</span> <span class="token punctuation">=</span> <span class="token number">200</span> <span class="token key property">force</span> <span class="token punctuation">=</span> <span class="token boolean">true</span> <span class="token punctuation">[</span><span class="token table class-name">redirects.rate_limit</span><span class="token punctuation">]</span> <span class="token key property">window_limit</span> <span class="token punctuation">=</span> <span class="token number">50</span> <span class="token key property">aggregate_by</span> <span class="token punctuation">=</span> <span class="token punctuation">[</span><span class="token string">"ip"</span><span class="token punctuation">,</span> <span class="token string">"domain"</span><span class="token punctuation">]</span> <span class="token comment"># optional, will default to "domain" only</span> <span class="token comment"># use-case: protecting entire site</span> <span class="token punctuation">[</span><span class="token punctuation">[</span><span class="token table class-name">redirects</span><span class="token punctuation">]</span><span class="token punctuation">]</span> <span class="token key property">from</span> <span class="token 
punctuation">=</span> <span class="token string">"/*"</span> <span class="token key property">to</span> <span class="token punctuation">=</span> <span class="token string">"/:splat"</span> <span class="token punctuation">[</span><span class="token table class-name">redirects.rate_limit</span><span class="token punctuation">]</span> <span class="token key property">action</span> <span class="token punctuation">=</span> <span class="token string">"rewrite"</span> <span class="token comment"># optional, will default to "rate_limit"</span> <span class="token key property">to</span> <span class="token punctuation">=</span> <span class="token string">"/custom_rate_limit.html"</span> <span class="token comment"># only needed if action is "rewrite"</span> <span class="token key property">window_limit</span> <span class="token punctuation">=</span> <span class="token number">50</span> <span class="token key property">aggregate_by</span> <span class="token punctuation">=</span> <span class="token punctuation">[</span><span class="token string">"domain"</span><span class="token punctuation">]</span> </code></pre></div><h3 id="function-edge-function-examples"><a href="#function-edge-function-examples" class="header-anchor">#</a> Function & edge function examples</h3> <p>Functions must have a <code>path</code> defined in the <code>config</code> export of the function, otherwise the custom rate limit will not be evaluated. We do not support rate limiting rules defined in the <a href="/edge-functions/declarations/#declare-edge-functions-in-netlify-toml"><code>netlify.toml</code> file</a>.</p> <p>In these examples, an edge function and serverless function are invoked on the root path of the site. To avoid unexpected overages on compute usage, we define a rate limit of 100 requests per client IP for every window length (each window is 60 seconds). 
Once a client is limited, it will be blocked and no invocation will occur.</p> <div class="theme-code-group" data-v-5f0a03e0><div class="theme-code-group__nav" data-v-5f0a03e0><ul role="tablist" class="theme-code-group__ul" data-v-5f0a03e0><li class="theme-code-group__li" data-v-5f0a03e0><button class="theme-code-group__nav-tab" data-v-5f0a03e0> Loading error: Refresh the page to access this code sample </button></li></ul></div> <div role="tabpanel" id="edge-function-example-tab" tabindex="0" class="theme-code-block" data-v-12d54b40><div class="language-ts extra-class" data-v-12d54b40><pre class="language-ts" data-v-12d54b40><code data-v-12d54b40><span class="token keyword" data-v-12d54b40>import</span> <span class="token keyword" data-v-12d54b40>type</span> <span class="token punctuation" data-v-12d54b40>{</span> Config<span class="token punctuation" data-v-12d54b40>,</span> Context <span class="token punctuation" data-v-12d54b40>}</span> <span class="token keyword" data-v-12d54b40>from</span> <span class="token string" data-v-12d54b40>"@netlify/edge-functions"</span><span class="token punctuation" data-v-12d54b40>;</span> <span class="token comment" data-v-12d54b40>// use-case: safeguarding your edge function usage/spend</span> <span class="token keyword" data-v-12d54b40>export</span> <span class="token keyword" data-v-12d54b40>default</span> <span class="token keyword" data-v-12d54b40>async</span> <span class="token punctuation" data-v-12d54b40>(</span>request<span class="token operator" data-v-12d54b40>:</span> Request<span class="token punctuation" data-v-12d54b40>,</span> context<span class="token operator" data-v-12d54b40>:</span> Context<span class="token punctuation" data-v-12d54b40>)</span> <span class="token operator" data-v-12d54b40>=></span> <span class="token punctuation" data-v-12d54b40>{</span> <span class="token comment" data-v-12d54b40>// ...</span> <span class="token punctuation" data-v-12d54b40>}</span><span class="token punctuation" 
data-v-12d54b40>;</span> <span class="token keyword" data-v-12d54b40>export</span> <span class="token keyword" data-v-12d54b40>const</span> config<span class="token operator" data-v-12d54b40>:</span> Config <span class="token operator" data-v-12d54b40>=</span> <span class="token punctuation" data-v-12d54b40>{</span> path<span class="token operator" data-v-12d54b40>:</span> <span class="token string" data-v-12d54b40>"/"</span><span class="token punctuation" data-v-12d54b40>,</span> rateLimit<span class="token operator" data-v-12d54b40>:</span> <span class="token punctuation" data-v-12d54b40>{</span> windowLimit<span class="token operator" data-v-12d54b40>:</span> <span class="token number" data-v-12d54b40>100</span><span class="token punctuation" data-v-12d54b40>,</span> aggregateBy<span class="token operator" data-v-12d54b40>:</span> <span class="token punctuation" data-v-12d54b40>[</span><span class="token string" data-v-12d54b40>"ip"</span><span class="token punctuation" data-v-12d54b40>,</span> <span class="token string" data-v-12d54b40>"domain"</span><span class="token punctuation" data-v-12d54b40>]</span><span class="token punctuation" data-v-12d54b40>,</span> <span class="token punctuation" data-v-12d54b40>}</span> <span class="token punctuation" data-v-12d54b40>}</span><span class="token punctuation" data-v-12d54b40>;</span> <span class="token comment" data-v-12d54b40>// same use-case</span> <span class="token keyword" data-v-12d54b40>export</span> <span class="token keyword" data-v-12d54b40>default</span> <span class="token keyword" data-v-12d54b40>async</span> <span class="token punctuation" data-v-12d54b40>(</span>request<span class="token operator" data-v-12d54b40>:</span> Request<span class="token punctuation" data-v-12d54b40>,</span> context<span class="token operator" data-v-12d54b40>:</span> Context<span class="token punctuation" data-v-12d54b40>)</span> <span class="token operator" data-v-12d54b40>=></span> <span class="token punctuation" 
data-v-12d54b40>{</span> <span class="token comment" data-v-12d54b40>// ...</span> <span class="token punctuation" data-v-12d54b40>}</span><span class="token punctuation" data-v-12d54b40>;</span> <span class="token keyword" data-v-12d54b40>export</span> <span class="token keyword" data-v-12d54b40>const</span> config<span class="token operator" data-v-12d54b40>:</span> Config <span class="token operator" data-v-12d54b40>=</span> <span class="token punctuation" data-v-12d54b40>{</span> path<span class="token operator" data-v-12d54b40>:</span> <span class="token string" data-v-12d54b40>"/"</span><span class="token punctuation" data-v-12d54b40>,</span> rateLimit<span class="token operator" data-v-12d54b40>:</span> <span class="token punctuation" data-v-12d54b40>{</span> action<span class="token operator" data-v-12d54b40>:</span> <span class="token string" data-v-12d54b40>"rewrite"</span><span class="token punctuation" data-v-12d54b40>,</span> <span class="token comment" data-v-12d54b40>// optional, will default to "rate_limit"</span> to<span class="token operator" data-v-12d54b40>:</span> <span class="token string" data-v-12d54b40>"/custom_rate_limit.html"</span><span class="token punctuation" data-v-12d54b40>,</span> <span class="token comment" data-v-12d54b40>// only needed if action is "rewrite"</span> windowLimit<span class="token operator" data-v-12d54b40>:</span> <span class="token number" data-v-12d54b40>100</span><span class="token punctuation" data-v-12d54b40>,</span> aggregateBy<span class="token operator" data-v-12d54b40>:</span> <span class="token punctuation" data-v-12d54b40>[</span><span class="token string" data-v-12d54b40>"ip"</span><span class="token punctuation" data-v-12d54b40>,</span> <span class="token string" data-v-12d54b40>"domain"</span><span class="token punctuation" data-v-12d54b40>]</span><span class="token punctuation" data-v-12d54b40>,</span> <span class="token punctuation" data-v-12d54b40>}</span> <span class="token punctuation" data-v-12d54b40>}</span><span class="token punctuation" 
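data-v-12d54b40>;</span> </code></pre></div></div>
<!-- Serverless function tab: two alternative rate-limit configurations for the same function. The listing is laid out one statement per line, and the comma that was missing after action: "rewrite" is restored so the sample parses when copied. -->
<div role="tabpanel" id="serverless-function-example-tab" tabindex="0" class="theme-code-block" data-v-12d54b40><div class="language-ts extra-class" data-v-12d54b40><pre class="language-ts" data-v-12d54b40><code data-v-12d54b40><span class="token keyword" data-v-12d54b40>import</span> <span class="token keyword" data-v-12d54b40>type</span> <span class="token punctuation" data-v-12d54b40>{</span> Config<span class="token punctuation" data-v-12d54b40>,</span> Context <span class="token punctuation" data-v-12d54b40>}</span> <span class="token keyword" data-v-12d54b40>from</span> <span class="token string" data-v-12d54b40>"@netlify/functions"</span>

<span class="token comment" data-v-12d54b40>// use-case: safeguarding your serverless function usage/spend</span>
<span class="token keyword" data-v-12d54b40>export</span> <span class="token keyword" data-v-12d54b40>default</span> <span class="token keyword" data-v-12d54b40>async</span> <span class="token punctuation" data-v-12d54b40>(</span>request<span class="token operator" data-v-12d54b40>:</span> Request<span class="token punctuation" data-v-12d54b40>,</span> context<span class="token operator" data-v-12d54b40>:</span> Context<span class="token punctuation" data-v-12d54b40>)</span> <span class="token operator" data-v-12d54b40>=&gt;</span> <span class="token punctuation" data-v-12d54b40>{</span>
  <span class="token comment" data-v-12d54b40>// ...</span>
<span class="token punctuation" data-v-12d54b40>}</span><span class="token punctuation" data-v-12d54b40>;</span>

<span class="token keyword" data-v-12d54b40>export</span> <span class="token keyword" data-v-12d54b40>const</span> config<span class="token operator" data-v-12d54b40>:</span> Config <span class="token operator" data-v-12d54b40>=</span> <span class="token punctuation" data-v-12d54b40>{</span>
  path<span class="token operator" data-v-12d54b40>:</span> <span class="token string" data-v-12d54b40>"/"</span><span class="token punctuation" data-v-12d54b40>,</span>
  rateLimit<span class="token operator" data-v-12d54b40>:</span> <span class="token punctuation" data-v-12d54b40>{</span>
    windowLimit<span class="token operator" data-v-12d54b40>:</span> <span class="token number" data-v-12d54b40>100</span><span class="token punctuation" data-v-12d54b40>,</span> <span class="token comment" data-v-12d54b40>// maximum number of requests allowed per rate-limit window</span>
    <span class="token comment" data-v-12d54b40>// requests are grouped by client IP and domain, so visitors behind one shared IP (NAT, proxy) share a counter</span>
    aggregateBy<span class="token operator" data-v-12d54b40>:</span> <span class="token punctuation" data-v-12d54b40>[</span><span class="token string" data-v-12d54b40>"ip"</span><span class="token punctuation" data-v-12d54b40>,</span> <span class="token string" data-v-12d54b40>"domain"</span><span class="token punctuation" data-v-12d54b40>]</span><span class="token punctuation" data-v-12d54b40>,</span>
  <span class="token punctuation" data-v-12d54b40>}</span>
<span class="token punctuation" data-v-12d54b40>}</span><span class="token punctuation" data-v-12d54b40>;</span>

<span class="token comment" data-v-12d54b40>// same use-case; alternative rule that rewrites requests over the limit to a custom page.</span>
<span class="token comment" data-v-12d54b40>// A function file takes one default export and one config: use this variant instead of the one above.</span>
<span class="token keyword" data-v-12d54b40>export</span> <span class="token keyword" data-v-12d54b40>default</span> <span class="token keyword" data-v-12d54b40>async</span> <span class="token punctuation" data-v-12d54b40>(</span>request<span class="token operator" data-v-12d54b40>:</span> Request<span class="token punctuation" data-v-12d54b40>,</span> context<span class="token operator" data-v-12d54b40>:</span> Context<span class="token punctuation" data-v-12d54b40>)</span> <span class="token operator" data-v-12d54b40>=&gt;</span> <span class="token punctuation" data-v-12d54b40>{</span>
  <span class="token comment" data-v-12d54b40>// ...</span>
<span class="token punctuation" data-v-12d54b40>}</span><span class="token punctuation" data-v-12d54b40>;</span>

<span class="token keyword" data-v-12d54b40>export</span> <span class="token keyword" data-v-12d54b40>const</span> config<span class="token operator" data-v-12d54b40>:</span> Config <span class="token operator" data-v-12d54b40>=</span> <span class="token punctuation" data-v-12d54b40>{</span>
  path<span class="token operator" data-v-12d54b40>:</span> <span class="token string" data-v-12d54b40>"/"</span><span class="token punctuation" data-v-12d54b40>,</span>
  rateLimit<span class="token operator" data-v-12d54b40>:</span> <span class="token punctuation" data-v-12d54b40>{</span>
    action<span class="token operator" data-v-12d54b40>:</span> <span class="token string" data-v-12d54b40>"rewrite"</span><span class="token punctuation" data-v-12d54b40>,</span> <span class="token comment" data-v-12d54b40>// optional, will default to "rate_limit"</span>
    to<span class="token operator" data-v-12d54b40>:</span> <span class="token string" data-v-12d54b40>"/custom_rate_limit.html"</span><span class="token punctuation" data-v-12d54b40>,</span> <span class="token comment" data-v-12d54b40>// only needed if action is "rewrite"</span>
    windowLimit<span class="token operator" data-v-12d54b40>:</span> <span class="token number" data-v-12d54b40>100</span><span class="token punctuation" data-v-12d54b40>,</span> <span class="token comment" data-v-12d54b40>// maximum number of requests allowed per rate-limit window</span>
    aggregateBy<span class="token operator" data-v-12d54b40>:</span> <span class="token punctuation" data-v-12d54b40>[</span><span class="token string" data-v-12d54b40>"ip"</span><span class="token punctuation" data-v-12d54b40>,</span> <span class="token string" data-v-12d54b40>"domain"</span><span class="token punctuation" data-v-12d54b40>]</span><span class="token punctuation" data-v-12d54b40>,</span>
  <span class="token punctuation" data-v-12d54b40>}</span>
<span class="token punctuation" data-v-12d54b40>}</span><span class="token punctuation" data-v-12d54b40>;</span>
</code></pre></div></div></div></div> <!---->
<div class="content__default wrapper__last_updated"><time datetime="2024-07-26"> Last updated: July 26, 2024 </time></div> <!---->
<div class="feedback"><div class="media"><div class="media__body"><h4 class="media__title"> Did you find this doc useful? </h4> <!----> <p class="media__copy"> Your feedback helps us improve our docs. 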