Rate Limiting

Rate limiting restricts requests that exceed the defined access frequency to the website.

Configuration:

• Rule Name and Description

• Triggering Condition:

  • Path: Define the request path to be monitored.
  • Key: Select one or more identifiers to track access frequency, including IP, fingerprint, and cookie ID.
  • Rate Measurement: Choose the method to calculate the request rate:
    • Queries per second
    • Queries per time window
  • Device Type: Specify the type of client device to which the rule applies.

• Dynamic Action: A protection strategy that makes response behaviour unpredictable to bypass repetitive attacks.

  1. When the triggering condition is met, the system applies a protection action based on the triggering probability.
  2. An action is randomly selected from the configured action set.

  Parameters:

  • Triggering Probability: Set the likelihood of triggering an action.
  • Action Set: Include one or more actions: block, redirect, bypass, return HTML, or skip.
  • Delay: Set the delay (in seconds) before executing the action.
  • Response: Configure the response behaviour - return a specific status code, redirect path or HTML file.

• Auto Web ACL:

  • Key: Define the identifier to apply access control (IP or fingerprint).
  • Duration: Set the period during which the key remains blocked.

• Target Site: Select the website to apply the rule.