Why doesn't my Rate Limiting rule match a request?


There are a few common issues that will prevent rules from matching requests:

  • Your rule includes a scheme, e.g. "https://example.com/*" versus "example.com/*". Schemes should not be included in rule patterns, and will prevent rules from matching. Removing the scheme will fix the issue. If you do wish to limit rules to matching on HTTP or HTTPS traffic only, you should instead use the schemes array in the request match, e.g. "schemes": [ "HTTPS" ]
  • Your rule is missing a trailing slash character. While many web servers will treat requests for "example.com/path/" and "example.com/path" as equivalent (both will return the index page for the path directory), these are not equivalent in Rate Limiting pattern matching. We do handle the most common case (the homepage) automatically, such that "example.com" and "example.com/" are handled the same, but cannot do this for other pages. If you need to match both, you should either create multiple rules or use a wildcard. "example.com/path/" and "example.com/path" should be used if you want to match that path and that path only, whereas "example.com/path*" is appropriate if you wish to match that path and all resources under it.
  • Your pattern includes a query string (e.g. example.com/path?foo=bar) or anchor (e.g. example.com/path#section1). Rate limiting patterns cannot match against these URL components and including them will prevent the rule from matching any requests. Note that this means rules will match regardless of the query string or anchor: a rule like example.com/path will match requests for example.com/path?foo=bar.
  • A firewall whitelist rule matches this client. Any matching whitelist, including whitelists for geographic regions, will exempt clients from rate limiting.
Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk