medianova.comSupportLog in

Path & Extension Based Rate Limiting

Overview

Path & Extension Based Rate Limiting allows you to define traffic limits based on specific URL paths and/or file extensions (e.g., /api , /login, .pdf, .jpg). This enables targeted protection for sensitive endpoints or static resources by enforcing custom request limits per rule.

Path & Extension Based Rate Limiting is available under Page Rules for Small, Large and Dynamic accounts. It remains OFF by default and must be explicitly enabled per rule, even when global Rate Limiting is ON.

Activation Requirements

  • Rate Limiting must be enabled globally under the Security tab.

  • Path & Extension Based Rate Limiting is disabled by default, even when Rate Limiting is ON.

  • Rules are created under the Page Rules section of the panel.

  • You can define different rate limits for each path or file type, separate from the base rule.

  • Whitelist IPs are managed from a single global pool; no separation exists between general Rate Limiting and Path & Extension Based Rate Limiting.

Rule Behavior

Each Path & Extension Based Rate Limiting rule inherits global Rate Limiting settings (request limit, burst, time window, etc.), but allows you to scope limits to a specific path or file extension.

Configuration Fields

Field
Description

Path

Target path (e.g., /api/login)

File Extension

Target extensions (e.g., .pdf, .jpg, .html)

Request Limit

Requests per second/minute (inherited from global config)

Burst

Number of extra allowed requests before enforcing limits

If the account's default Cache Type is dynamic or edge, you must explicitly define the same Cache Type in the Page Rule when applying Path & Extension Based Rate Limiting; otherwise, caching for that path or extension will fall back to origin, and response behavior will rely on origin headers.

How to Configure

  1. Navigate to the Page Rules section in the Medianova panel.

  2. Click Add Rule.

  3. In the rule editor, define:

    • Path (e.g., /login)

    • File Extensions (e.g., .pdf, .jpg)

  4. Select and enable Rate Limiting toggle inside the rule.

  5. Set:

    • Request Limit (100–1000)

    • Time Window (Per Second or Per Minute)

    • Burst value (optional)

  6. If your account’s default Cache Type is dynamic or edge, add the same Cache Type field to this rule explicitly.

Page Rules are processed in order, from top to bottom. If multiple rules match the same path or file, only the first matching rule is applied. Make sure your rate limiting rule is placed before broader or less restrictive rules.

Example Rule

Path: /reports
File Extensions: .pdf
Request Limit: 100
Time Window: Per Minute
Burst: 20

This rule limits .pdf file requests under /reports to 100 per minute, allowing 20 additional burst requests before applying the rate limit.

Use Cases

  • Limit file downloads by extension: Apply rate limits to .pdf, .zip, .jpg files regardless of path.

  • Protect API endpoints by path: Limit access to paths like /api/auth, /api/login, /checkout.

  • Combine path + extension filtering: Limit requests to /reports/*.pdf or /downloads/*.zip.

  • Restrict access to static assets: Control access to large files or images under /media/ or /static/.

  • Prevent scraping of product/category pages: Apply limits to paths like /products/, /categories/.

  • Rate-limit search endpoints: Protect /search or /filter paths from abuse.

Limitations

  • Path & Extension Based Rate Limiting is disabled by default and must be activated per rule

  • Only functional when resource Rate Limiting is enabled

  • Whitelisted IPs cannot be scoped per rule

  • Request Limit Range: 100 - 1000

PreviousPage Rules SettingsNextCompression

Last updated

Was this helpful?