Configuring Rate Limiting from the Cloudflare Dashboard

When you press "Create" you will see the basic Configuration UI.  For most users, this should be sufficient to create a rate limit rule.

Basic Configuration

1. Enter a URL.  If you do not include a scheme, it will match both http and https.  If you only want one, enter it explicitly (e.g.*)

2. Enter an integer > 1 that represent the  number of requests in a sampling period.

3. Use the drop-down to select the sampling period (the period during which requests are counted)

4. Dropdown to select the duration of the block once a threshold has been triggered.

5. Advanced Criteria for more complex rules involving http method and response code. (Business and Enterprise only)

6. Advanced Response for more complex rules serving a custom error response or, if you have ELS, a log-only ("simulate") mode.

Advanced Criteria

1. Select from possible http methods.  Or select ANY (and only ANY) to return to any method.

2. Enter the origin response code you want to count.  For example, for auth failures you could use 403 (or whatever your app uses)

Advanced Response

1. You can use the dropdown to select a custom JSON or custom TEXT.  If you want Custom HTML, go to the Menu > Customize > Rate Limiting

2. For ELS customers, you can select Simulate, which will only log the rule, but not block.

List of Rules


This screen shows you the list of existing rules.

1.  The drop-down lets you change the state from "Live" (blocking real traffic), "Simulate" (logging to Enterprise Log Share but not blocking), or "Paused" -- doing nothing

2. This edit button will pull up the same modal shown above for creating a rule to allow you to edit existing values

3. This will delete the rule (after you confirm the pop-up)



Still not finding what you need?

The Cloudflare team is here to help. 95% of questions can be answered using the search tool, but if you can’t find what you need, submit a support request.

Powered by Zendesk