Powered by the Edge Security Acceleration (ESA) AI engine, the smart rate limiting feature simplifies the rate limiting setup for security-conscious entry-level users. When you activate smart rate limiting and select a protection level, ESA establishes a baseline and adjusts the rate limits every 24 hours by analyzing access frequency data from your website over the past seven days.
Enable smart rate limiting
The smart rate limiting feature automatically identifies unauthorized access traffic. The ESA AI engine analyzes website access over the last seven days and dynamically adjusts the protection thresholds. You only need to select a protection level. The system continuously optimizes security policies and automatically blocks attacks around the clock without manual configuration, reducing service security risks.
Disable Smart Rate Limiting prior to any anticipated surge in online business activity to prevent false positives.
After Smart Rate Limiting is enabled, it takes about 10 seconds for the feature to become active. The IP address that triggered rate limiting is blocked for 24 hours. If you do not want to block the IP address, you can add it to the whitelist.
In the ESA console, choose Websites and click the website name you want to manage.
In the left-side navigation pane, choose .
In the Overview tab, in the Smart Rate Limiting section, click Configure. Enable Status and select your desired Protection Level and Action.
Note: For details about how to select a protection level, see Protection level.
For details about actions, see Action.
Protection level
Strict: It is recommended to enable strict mode when malicious attacks occur. The initial frequency for a single IP is 40 requests/10 seconds. It automatically adjusts every 24 hours based on historical data once enabled.
Medium: Default. It is recommended for daily use. The initial frequency for a single IP is 200 requests/10 seconds. It automatically adjusts every 24 hours based on historical data once enabled.
Loose: It is recommended when false positives occur. The initial frequency for a single IP is 4000 requests/10 seconds. It automatically adjusts every 24 hours based on historical data once enabled.
Action
JavaScript Challenge: WAF issues a JavaScript code snippet to the client, which a standard browser can execute automatically. Once the client successfully runs the JavaScript, WAF permits all subsequent requests from that client for a set duration (default is 30 minutes) without the need for further authentication. If the client does not run the JavaScript successfully, WAF blocks the requests.
Monitor: Requests that match the rule are not blocked but are logged instead. You can review these logs to assess the rule's effectiveness and ensure that legitimate requests are not blocked. This mode is helpful for testing newly implemented rules. Once you've confirmed that the rule does not cause false positives, you can switch it to the Block mode.
Note: Simple Log Service must be activated to query logs.
Block: When a request matches a rule, it is blocked and a response page indicating the action is sent back to the requesting client. You can also configure a custom error page.
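To judge which protection level fits your traffic before switching from Monitor to Block, you can replay access-log entries against the initial per-IP limits listed under Protection level. The following is an added example, not ESA code: the sliding 10-second window, the "exceeds the limit" comparison, the function names and the sample traffic are assumptions, and ESA's adjusted thresholds after the first 24 hours are not modeled.

```python
from collections import defaultdict, deque

# Initial per-IP limits from the page (requests per 10 seconds).
# ESA re-tunes these every 24 hours; the adjusted values are not modeled here.
INITIAL_LIMITS = {"Strict": 40, "Medium": 200, "Loose": 4000}
WINDOW_SECONDS = 10  # assumption: sliding window; the page does not say how ESA counts


def peak_rate_per_ip(events):
    """Return {ip: max requests in any 10-second window}; events are sorted (ts, ip)."""
    windows = defaultdict(deque)
    peaks = defaultdict(int)
    for ts, ip in events:
        window = windows[ip]
        window.append(ts)
        # Drop timestamps that fell out of the window ending at ts.
        while window[0] <= ts - WINDOW_SECONDS:
            window.popleft()
        peaks[ip] = max(peaks[ip], len(window))
    return dict(peaks)


def would_trigger(events, level, whitelist=()):
    """IPs whose peak rate exceeds the initial limit (assumed '>' comparison)."""
    limit = INITIAL_LIMITS[level]
    return sorted(
        ip for ip, peak in peak_rate_per_ip(events).items()
        if peak > limit and ip not in whitelist
    )


def sample_events():
    """Constructed sample traffic using documentation-range IPs, not real logs."""
    events = []
    # 250 requests within 5 seconds (burst).
    events += [(1000 + i * 0.02, "198.51.100.7") for i in range(250)]
    # 60 requests within 6 seconds (busy client).
    events += [(1000 + i * 0.1, "203.0.113.9") for i in range(60)]
    # 30 requests over 60 seconds (ordinary browsing).
    events += [(1000 + i * 2.0, "192.0.2.4") for i in range(30)]
    return sorted(events)


if __name__ == "__main__":
    for level in INITIAL_LIMITS:
        print(level, would_trigger(sample_events(), level))
```

An IP that appears under Strict but not under Medium is a candidate to review before tightening the level, since a triggered IP is blocked for 24 hours unless it is whitelisted.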