Cloudflare Docs

Cloudflare Docs

Overview
About
Custom Rules
Custom Firewall rules
Create Custom Firewall rules in the dashboard
Create Custom Firewall rules via API
Configure a rule with the Skip action
API examples
Skip options
Rate Limiting rules
Determining the request rate
Create Rate Limiting rules in the dashboard
Create Rate Limiting rules via API
Rate limiting parameters
Common use cases
Manage Custom Rules in the dashboard
Managed Rulesets
Cloudflare Managed Ruleset
Cloudflare OWASP Core Ruleset
Cloudflare Exposed Credentials Check
Deploy Managed Rulesets for a zone
Deploy rulesets via API
Defining WAF exceptions
Define WAF exceptions in the dashboard
Define WAF exceptions via API
Log the payload of matched rules
Configure payload logging in the dashboard
View the payload content in the dashboard
Configure payload logging via API
Command-line operations
Generate a key pair
Decrypt the payload content
Automated exposed credentials check
How exposed credentials checks work
Configure exposed credentials checks via API
Test your exposed credentials checks configuration
Monitor exposed credentials events
Analytics
Free plan
Paid plans
Additional information
Alerts
Change log
Scheduled changes
2022-02-28
2022-02-21
2022-02-14
2022-01-24
2021-12-16 – Emergency
2021-12-14 – Emergency
2021-12-10 – Emergency
2021-11-01
2021-10-25
2021-10-19
2021-10-04
2021-09-06
2021-09-01 – Emergency
2021-08-31
2021-08-23
2021-08-16
2021-07-26
2021-07-19
2021-07-01 – Emergency
2021-06-21
2021-06-14
2021-06-07
2021-06-01
2021-04-21 – Emergency
2021-04-19
2021-03-22
2021-03-08
2021-03-06 – Emergency
2021-03-05 – Emergency
2021-03-01
2020-12-14
2020-12-02
2020-11-16
2020-11-05 – Emergency
2020-11-04 – Emergency
2020-10-19
2020-10-12
2020-10-05
2020-09-28
2020-09-21
2020-09-15
2020-09-07
2020-08-24
2020-09-01
2020-07-27
2020-08-03
2020-07-20
2020-07-07 – Emergency
2020-07-13
2020-06-22
2020-06-15
2020-06-08
2020-05-25
2020-05-11
2020-05-04
2020-04-27
2020-04-20
2020-04-06
2020-03-30
2020-03-23
2020-03-12
2020-03-09
2020-03-02 – Emergency
2020-02-17
2020-02-10
2020-01-27
2020-01-20
2020-01-16 – Emergency
2019-12-16
2019-11-25 – Emergency
2019-11-12
2019-11-07 – Emergency
2019-11-04
2019-10-27 – Emergency
2019-10-23 – Emergency
2019-10-21
2019-10-17 – Emergency
2019-10-14
2019-10-07
2019-09-30
2019-09-26 – Emergency
2019-09-16
Historical

Create Rate Limiting rules in the dashboard

Create Rate Limiting rules under the Custom Rules tab in the Firewall app.

Create a Rate Limiting rule

To create a new Rate Limiting rule:

Log in to the Cloudflare dashboard, and select your account and website.
Navigate to Firewall > Custom Rules.
Click Create Custom rule > Rate limiting rule.
In the page that displays, enter a descriptive name for the rule in Rule name.
Under If incoming requests match, use the Field drop-down list to choose an HTTP property. For each request, the value of the property you choose for Field is compared to the value you specify for Value using the operator selected in Operator.
Under With the same, add one or more characteristics that will define the request counters for rate limiting purposes. Each value combination will have its own counter to determine the request rate. Refer to Determining the request rate for more information.
Under And rate exceeds, define the rate limit and the time period to consider when determining the request rate.
Select the rule action from the Choose action drop-down list. For example, selecting Block tells Cloudflare to refuse requests in the conditions you specified when the request limit is reached.
Under For, select the mitigation timeout. This is the time period during which Cloudflare applies the select action once the request rate is reached.
To save and deploy your rule, click Save and Deploy. If you are not ready to deploy your rule, click Save as Draft.