Troubleshoot common issues that prevent proper Rate Limiting request matches as well as cause errors via the Cloudflare API.
A few common Rate Limiting configuration issues prevent proper request matches:
- Including HTTP or HTTPS protocol schemes in rule patterns (such as https://example.com/*). To restrict rules to match only HTTP or HTTPS traffic, use the schemes array in the request match, e.g. "schemes": [ "HTTPS" ]
- Forgetting a trailing slash character (/). Cloudflare Rate Limiting only treats requests for the homepage (such as example.com and example.com/) as equivalent, but not any other path (such as example.com/path/ and example.com/path). To match request paths both with and without the trailing slash, use a wildcard match (such as example.com/path*)
- Including a query string or anchor (such as example.com/path?foo=bar or example.com/path#section1). A rule like example.com/path will match requests for example.com/path?foo=bar.
- Overriding a rate limit with IP Access Rules.
Also, there are a few common errors that prevent configuring Rate Limiting via the Cloudflare API:
- Decoding is not yet implemented - Indicates that your request is missing the Content-Type: application/json header. Add the header to your API request to fix the issue.
- Ratelimit.api.not_entitled - Enterprise customers must contact their Cloudflare Account Team before adding rules.
- Other errors are documented in the API documentation. If you're unsure about a particular error, contact Cloudflare Support and provide the failed API request after redacting your API key.