This article explains the legacy version of
Take into consideration the following factors when setting up a rate limiting policy:
Requests to each delivery platform are counted separately.
This scenario assumes the following rate limiting policy:
It also assumes the following traffic levels for a single client:
The above client will be rate limited as follows:
Apply a hostname and/or URL path scope to each individual rule to restrict inspection to qualified requests.
Define a scope to ensure that a rate limit is only applied to intended traffic.
Please ensure that scope configurations don't conflict with the rule's conditions.
To define a rate limiting policy
Navigate to the Rules Configuration page.
Toggle the Edit Rate Limiting Rules option.
Optional. Define a hostname and/or URL path scope for this rate limiting rule through the Hostname and URL path(s) options. Only requests that match the specified pattern will be rate limited.
Select one of the following modes:
Exact match (multiple entries): Applies the rate limit to the specified hostname(s) or URL path(s).
Regex match: Applies the rate limit to all hostnames or URL paths that satisfy the specified regular expression pattern.
Wildcard match: Applies the rate limit to all hostnames or URL paths that satisfy the specified wildcard pattern.
By default, a scope condition will only be satisfied when an exact match is found. Enable the Negative match option to configure a scope condition to look for requests that do not match the specified value.
Optional. Create a condition group to identify the types of requests that qualify for rate limiting.
In the Match by option, select the method by which requests will be identified.
If this option is set to "Request header," then select the desired request header from the Request header name option.
In the Value(s) option, type a value that must be met before a request will count towards the rate limiting policy.
Repeat this step as needed. Place each desired value on a separate line.
Choose whether this condition will be satisfied when a request matches or does not match a value defined in the Value(s) option.
Optional. Add another condition to the current condition group by clicking + New condition and then repeating steps iii - vii.
If a condition group has been defined, then a request must satisfy all of the conditions within at least one condition group in order to be eligible for rate limiting.
Optional. Create another condition group by following steps i - viii.
Multiple condition groups provide the means for identifying different types of requests for the purpose of rate limiting.
In the Duration option, select the time period for which the action selected in the next step will be applied to clients that exceed the rate limit defined in this rule.
A "client" is defined by each rule according to the Apply rate limit to option. For example, configuring that option to "Any request" will apply the selected action to all requests regardless of the number of requests generated by each device. Alternatively, identifying clients by "IP Address" will only apply the selected action to requests that originate from each IP address that violates the specified rate limit.
In the Action Type option, configure the action that will be taken when a request exceeds the rate limit.
Adding a rule does not save your changes. You must also apply and save your changes as described in the final step of the above procedure.
Track the date/time (GMT) for the most recent change to a Rate Limiting rule via the Last Modified label in the upper-right hand corner of the Rate Limiting Rules page.