# Path & Extension Based Rate Limiting

### Overview

Path & Extension Based Rate Limiting allows you to define traffic limits based on specific URL paths and/or file extensions (e.g., `/api` , `/login`, `.pdf`, `.jpg`). This enables targeted protection for sensitive endpoints or static resources by enforcing custom request limits per rule.

Path & Extension Based Rate Limiting is available under **Page Rules** for **Small, Large and Dynamic** accounts. It remains **OFF by default** and must be explicitly enabled per rule, even when global **Rate Limiting** is ON.

#### Activation Requirements

* **Rate Limiting must be enabled** globally under the **Security** tab.
* Path & Extension Based Rate Limiting is disabled by default, even when Rate Limiting is ON.
* Rules are created under the **Page Rules** section of the panel.
* You can define **different rate limits** for each path or file type, separate from the base rule.
* **Whitelist IPs** are managed from a **single global pool**; no separation exists between general Rate Limiting and Path & Extension Based Rate Limiting.

### Rule Behavior

Each Path & Extension Based Rate Limiting rule inherits global Rate Limiting settings (request limit, burst, time window, etc.), but allows you to scope limits to a specific path or file extension.

### Configuration Fields

| Field              | Description                                               |
| ------------------ | --------------------------------------------------------- |
| **Path**           | Target path (e.g., `/api/login`)                          |
| **File Extension** | Target extensions (e.g., `.pdf`, `.jpg`, `.html`)         |
| **Request Limit**  | Requests per second/minute (inherited from global config) |
| **Burst**          | Number of extra allowed requests before enforcing limits  |

{% hint style="info" %}
If the account's default Cache Type is **dynamic** or **edge**, you must explicitly define the same **Cache Type** in the Page Rule when applying Path & Extension Based Rate Limiting; otherwise, caching for that path or extension will fall back to **origin**, and response behavior will rely on origin headers.
{% endhint %}

### How to Configure

1. Navigate to the **Page Rules** section in the Medianova panel.
2. Click **Add Rule**.
3. In the rule editor, define:
   * **Path** (e.g., `/login`)
   * **File Extensions** (e.g., `.pdf`, `.jpg`)
4. Select and enable **Rate Limiting** toggle inside the rule.
5. Set:
   * **Request Limit** (100–1000)
   * **Time Window** (Per Second or Per Minute)
   * **Burst** value (optional)
6. If your account’s default **Cache Type** is `dynamic` or `edge`, add the same `Cache Type` field to this rule explicitly.

{% hint style="info" %}
Page Rules are processed **in order**, from top to bottom. If multiple rules match the same path or file, **only the first matching rule is applied**. Make sure your rate limiting rule is placed before broader or less restrictive rules.
{% endhint %}

### Example Rule

```yaml
Path: /reports
File Extensions: .pdf
Request Limit: 100
Time Window: Per Minute
Burst: 20
```

This rule limits `.pdf` file requests under `/reports` to 100 per minute, allowing 20 additional burst requests before applying the rate limit.

<figure><img src="/files/NtZHr1OLaPZqrNHkI5Gd" alt="" width="563"><figcaption></figcaption></figure>

### Use Cases

* **Limit file downloads by extension:**\
  Apply rate limits to `.pdf`, `.zip`, `.jpg` files regardless of path.
* **Protect API endpoints by path:**\
  Limit access to paths like `/api/auth`, `/api/login`, `/checkout`.
* **Combine path + extension filtering:**\
  Limit requests to `/reports/*.pdf` or `/downloads/*.zip`.
* **Restrict access to static assets:**\
  Control access to large files or images under `/media/` or `/static/`.
* **Prevent scraping of product/category pages:**\
  Apply limits to paths like `/products/`, `/categories/`.
* **Rate-limit search endpoints:**\
  Protect `/search` or `/filter` paths from abuse.

### Limitations

* Path & Extension Based Rate Limiting is disabled by default and must be activated per rule
* Only functional when resource Rate Limiting is enabled
* Whitelisted IPs cannot be scoped per rule
* Request Limit Range: 100 - 1000


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://clients.medianova.com/products/performance-cdn/static-content-delivery/advanced-configuration/page-rules/page-rules-settings/path-and-extension-based-rate-limiting.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.