A rate limiting policy is used to limit the rate at which request objects access specified URLs to intercept malicious bot traffic. In addition to rate limiting, you can add other limitations, such as the number or proportion of specific response codes to limit the access requests of request objects.
Rate limiting rule
|Rule Name||The name of the rule. We recommend that you set a name that reflects the meaning of the rule.|
|URL||The URL to which the rule is applied, such as
Note This field cannot be empty.
Note You can enter a parameter-carrying URL, such as
|Request Object||The entity that is counted by the rule. The request object can be an IP address, default cookie, custom header, parameter, or a field in the cookie.
|Duration||The period when the rule counts request times.|
|Requests||The maximum number of request times accumulated by a single request object during the configured statistical period.
Note In addition to the request times limit, you can add a response code limit condition, such as a maximum of 300 accumulated request times with Response Code 503 and 70% of request times with Response Code 503. The action specified by the rule is triggered only when the counted request times exceed the maximum number and the number or proportion of request times meets the response code limit condition.
|Rule Action||The action triggered when the rule condition is met.
- Log on to the Anti-Bot console, and select the region where your Anti-Bot instance is located.
- Choose . Select the domain name of the protected website.
- Turn on Enable to enable the rate limiting policy.
- Click Add to configure a rate limiting rule. Then, click OK. For example, you can configure the Block action to be triggered when a single source IP address initiates more than 1,000 access requests to
1.test.com/login.htmlwithin 5 minutes (300 seconds) and the proportion of accumulated requests with Response Code 404 exceeds 80%, and block the IP address for 30 minutes. This configuration only takes effect for the rule-specified URL 1.test.com/login.html.