Rate limiting
This topic describes the steps to configure a rate-limiting WAF rule to protect your endpoints and services.
Rate limiting protects endpoints and other services from brute-force attacks. You can create multiple rules based on your requirements. When you define rate-limit rules, the rules can take the following three actions on threat actors:
  • Send an alert
  • Block the IP address
  • Suspend the threat actor for some time
A rate-limiting rule applies to an external IP address.
Creating a rate-limiting rule consists of three steps:

1. Create a rate limit rule

Navigate to Administration > Policies > Custom and click on Create Rule to start creating a rate-limiting rule.

2. Apply rate limit rule to endpoint

When you create a rate limit rule, by default, it does not apply to any endpoint. You have to choose the endpoint on which you want to apply the rule. If you have multiple rate-limiting rules, you can apply one of them to an endpoint. Complete the following steps to apply the rate-limit rule:
  1. Navigate to API Endpoints and click on the endpoint under the NAME column on which you want to apply the rate-limit rule.
  2. On the endpoint page, click on the icon in the top-right corner to display the rate-limiting drop-down list.
When an IP address is blocked for breaching the rate limit, it is blocked globally and cannot access any other API Endpoints.
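
The behavior described above, modeled as an added example (this is not the product's code): requests are counted per external IP address on the endpoint a rule is applied to, and a block affects every endpoint. The Rule fields, the sliding-window counting, and treating a suspension as global in the same way as a block are assumptions; the page only states that a block is global.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass
class Rule:                       # hypothetical rule shape, not the product's schema
    limit: int                    # requests allowed per window
    window: float                 # window length in seconds
    action: str                   # "alert", "block" or "suspend"
    suspend_for: float = 0.0      # suspension length in seconds ("suspend" only)

class RateLimiter:
    def __init__(self):
        self.rules = {}                    # endpoint -> Rule (one rule per endpoint)
        self.hits = defaultdict(deque)     # (endpoint, ip) -> request timestamps
        self.blocked = set()               # IPs blocked on every endpoint
        self.suspended = {}                # ip -> time at which the suspension ends
        self.alerts = []                   # (ip, endpoint, time) records

    def check(self, ip, endpoint, now):
        """Return 'allow' or 'deny' for one request from an external IP."""
        # Block/suspend state is checked before any endpoint rule: it is global.
        if ip in self.blocked or self.suspended.get(ip, 0.0) > now:
            return "deny"
        rule = self.rules.get(endpoint)
        if rule is None:                   # no rule applied to this endpoint
            return "allow"
        q = self.hits[(endpoint, ip)]
        q.append(now)
        while q and q[0] <= now - rule.window:   # drop hits outside the window
            q.popleft()
        if len(q) <= rule.limit:
            return "allow"
        if rule.action == "alert":         # alert only, traffic keeps flowing
            self.alerts.append((ip, endpoint, now))
            return "allow"
        if rule.action == "block":
            self.blocked.add(ip)
        else:                              # "suspend": deny until the timer ends
            self.suspended[ip] = now + rule.suspend_for
        q.clear()
        return "deny"

def demo():
    # Constructed traffic: one IP sends 4 requests to /login (limit 3 per 10 s).
    rl = RateLimiter()
    rl.rules["/login"] = Rule(limit=3, window=10, action="block")
    results = [rl.check("203.0.113.7", "/login", t) for t in (0, 1, 2, 3)]
    results.append(rl.check("203.0.113.7", "/orders", 4))  # no rule, still denied
    return results
```

Because the block is keyed on the source IP address alone, clients that share one external address (for example behind NAT or a proxy) are denied together, which is worth weighing when choosing between the alert, block, and suspend actions.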

3. Verify rate limit rule

You can verify that the rate limit has been applied to the endpoint by navigating to the Security Settings page. When you click on the rate-limit rule, it displays the endpoints on which the specific rule is applied. You can also delete the rate-limit rule by clicking on the
