Rate-Limit Rules
Rate-Limit rules are used to limit the rate of requests to your server. This is useful for preventing DDoS attacks and for limiting the load on your server.
How to create a rate-limit rule
Creating a rate-limit rule is a three-step process:
- Define the destination IP address or subnet.
- Define match conditions.
- Define the rate-limit.
Step 1: Define the destination IP address or subnet
You can select a specific IP address or a subnet.
Step 2: Define match conditions
You can match traffic on the following parameters:
- Source IP address
- Protocol
- Fragment
- TCP Flags
- (Destination, Source) Port
- ICMP Type
- ICMP Code
- Packet Length
- DSCP
Multiple matches for the same parameter can be added.
Step 3: Define the rate-limit
You can define a rate-limit in:
- bps (bits per second)
- Kbps (kilobits per second)
- Mbps (megabits per second)
- Gbps (gigabits per second)
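The three steps above, modelled as an added example (not the provider's implementation or API) so you can check how a planned rule would treat sample traffic before creating it. Assumptions: the class name, the packet dictionary fields, multiple values for one parameter matching as OR while different parameters combine as AND, decimal unit multipliers, and token-bucket enforcement with a one-second burst.

```python
import ipaddress

# Decimal multipliers for the units listed in step 3 (assumed: 1 Kbps = 1000 bps).
UNITS = {"bps": 1, "Kbps": 10**3, "Mbps": 10**6, "Gbps": 10**9}

class RateLimitRule:
    def __init__(self, destination, matches, rate, unit, burst_seconds=1.0):
        self.net = ipaddress.ip_network(destination)   # step 1: address or subnet
        self.matches = matches                         # step 2: parameter -> accepted values
        self.rate_bps = rate * UNITS[unit]             # step 3: normalised to bits per second
        self.capacity = self.rate_bps * burst_seconds  # assumed bucket depth
        self.tokens, self.last = self.capacity, 0.0

    def applies_to(self, pkt):
        if ipaddress.ip_address(pkt["dst"]) not in self.net:
            return False
        for param, accepted in self.matches.items():
            if param == "src":  # source entries may be single addresses or subnets
                src = ipaddress.ip_address(pkt["src"])
                hit = any(src in ipaddress.ip_network(a) for a in accepted)
            else:
                hit = pkt.get(param) in accepted
            if not hit:  # assumed: every listed parameter must match (AND)
                return False
        return True

    def allow(self, pkt, now):
        """Return True to forward the packet, False to drop it."""
        if not self.applies_to(pkt):
            return True  # rule does not cover this packet
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate_bps)
        self.last = now
        bits = pkt["length"] * 8  # packet length in bytes -> bits
        if bits > self.tokens:
            return False
        self.tokens -= bits
        return True

def demo():
    # Constructed traffic as (timestamp, packet); addresses are from documentation ranges.
    rule = RateLimitRule("203.0.113.0/24", {"protocol": ["udp"], "dst_port": [53, 123]}, 8, "Kbps")
    dns = {"src": "198.51.100.7", "dst": "203.0.113.10", "protocol": "udp", "dst_port": 53, "length": 500}
    ntp = dict(dns, dst_port=123)
    web = dict(dns, protocol="tcp", dst_port=443)
    traffic = [(0.0, dns), (0.0, ntp), (0.0, dns), (0.0, web), (0.5, ntp), (0.5, dns)]
    return [rule.allow(pkt, t) for t, pkt in traffic]

if __name__ == "__main__":
    print(demo())
```

The third and sixth packets are dropped because the 8 Kbps bucket is empty at that moment, while the TCP/443 packet passes untouched because it does not meet the match conditions.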
Rate-Limit Rule Types
We offer two types of rate-limit rules:
- Pre-Protection rate-limit rules
- Post-Protection rate-limit rules
The protection flow is as follows:
Pre-Protection Rate-Limit Rules
Pre-Protection rate-limit rules are not available yet.
Pre-Protection rate-limit rules are applied before the traffic flows through the DDoS protection stack. This means you have fine control over the traffic that might trigger DDoS protection thresholds.
Post-Protection Rate-Limit Rules
Post-Protection rate-limit rules are applied after the traffic has passed through the DDoS protection stack. We recommend using these rules to limit the traffic rate to a level your server can handle in case too much traffic leaks through the DDoS protection stack.