How do I use Rate Limiting to protect against brute-force attacks?

A brute-force attack is a attempt to log in to an account by trying many password combinations rapidly in order to compromise security. Because these attacks are sent at a much faster rate than a human being is able to, you can protect your site with a Cloudflare Rate Limiting rule.

You can configure Cloudflare Rate Limiting in the Firewall app under the Tools tab of the Cloudflare dashboard.

Rate Limiting features a one-click Protect Your Login tool that creates a rule to block the client for 15 minutes when sending more than 5 POST requests within 5 minutes. This is sufficient to block most brute-force attempts.

If you prefer to create a custom rate limiting rule to block brute-force attacks, see Configuring Rate Limiting from the Cloudflare Dashboard.

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk