> For the complete documentation index, see [llms.txt](https://clients.medianova.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://clients.medianova.com/products/security/rate-limiting/configure-rate-limiting.md).

# Configure Rate Limiting

**Rate Limiting** helps manage client request traffic by defining thresholds on how many requests a user or IP can make within a specified time window.\
This feature operates at the **CDN edge**, preventing excessive traffic from reaching your origin servers and maintaining stable performance.

{% hint style="info" %}
Rate Limiting is available only for **Dynamic CDN Resources** in the [**Medianova Control Panel**](https://cloud.medianova.com).
{% endhint %}

{% stepper %}
{% step %}
**Access the Rate Limiting**

To begin configuration, log in to the **Medianova Control Panel** and follow these steps:

1. Navigate to **Security → Rate Limiting**.
2. Select the **Dynamic CDN Resource** where you want to enable Rate Limiting.
3. The configuration panel for that resource will open.

{% hint style="info" %}
If you don’t have a Dynamic CDN Resource yet, create one under **CDN → Create CDN Resource**, then return to the Security section.
{% endhint %}
{% endstep %}

{% step %}
**Enable Rate Limiting**

Toggle the **Rate Limiting** option to **On** to activate the feature.\
Once enabled, you can define custom thresholds and actions for your selected resource.

{% hint style="info" %}
Disabling Rate Limiting immediately removes active enforcement rules but retains your configuration for future use.
{% endhint %}
{% endstep %}

{% step %}
**Set Request Limits**

Specify the number of requests allowed per client within a given time interval.

<table><thead><tr><th width="141">Field</th><th>Description</th></tr></thead><tbody><tr><td><strong>Request Limit</strong></td><td>The maximum number of requests allowed (e.g., 100).</td></tr><tr><td><strong>Time Interval</strong></td><td>The period within which requests are counted (e.g., per second, per minute).</td></tr></tbody></table>

{% hint style="info" %}
Start with conservative thresholds and gradually adjust them based on traffic analytics.
{% endhint %}
{% endstep %}

{% step %}
**Choose Rate Limit Option**

Define how bursts of traffic are handled when the limit is reached.\
Select one of the following modes from the dropdown:

<table><thead><tr><th width="151">Option</th><th>Description</th></tr></thead><tbody><tr><td><strong>Burst</strong></td><td>Allows short spikes within the limit window before throttling begins.</td></tr><tr><td><strong>Burst + No Delay</strong></td><td>Permits short bursts instantly, without waiting for enforcement delay.</td></tr><tr><td><strong>None</strong></td><td>Strict enforcement. Requests exceeding the limit are immediately blocked.</td></tr></tbody></table>

{% hint style="info" %}
“Burst” modes are useful for high-traffic APIs or login pages where short spikes are expected.
{% endhint %}
{% endstep %}

{% step %}
**Configure IP Whitelisting (Optional)**

Add **trusted IP addresses or networks** that should bypass rate enforcement.

* Click **Add Whitelist Entry**.
* Enter the IP address or range (e.g., `192.168.0.0/24`).
* Click **Save** to apply.

{% hint style="info" %}
Whitelist internal monitoring systems or administrative users to prevent accidental blocking.
{% endhint %}
{% endstep %}

{% step %}
**Define Actions for Exceeded Limits**

Specify what happens when a user exceeds the defined rate limit.

<table><thead><tr><th width="107.00006103515625">Action</th><th>Description</th></tr></thead><tbody><tr><td><strong>Block</strong></td><td>Rejects the request and returns an error response (default).</td></tr><tr><td><strong>Challenge</strong></td><td>Sends a verification challenge to the client before allowing further requests.</td></tr></tbody></table>

You can also define the **HTTP response code** to be returned:

* `429` — Too Many Requests
* `529` — Custom throttling response

{% hint style="info" %}
Use `Challenge` mode only if you have challenge verification integrated on your frontend (e.g., CAPTCHA).
{% endhint %}
{% endstep %}

{% step %}
**Save and Apply Configuration**

After defining all parameters, click **Save** to activate your Rate Limiting settings.\
The configuration takes effect immediately at the CDN edge.

<figure><img src="/files/v4RRhrmFLWVL7rwFgu1j" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
Test your configuration with real traffic or API calls to ensure it behaves as expected.
{% endhint %}
{% endstep %}

{% step %}
**Verify and Monitor**

To confirm that Rate Limiting is working:

* Send multiple requests exceeding your threshold to trigger enforcement.
* Check the response code (`429` or `529`).
* Review request logs and metrics in **Analytics → Rate Limiting Dashboard**.

{% hint style="info" %}
Metric visibility may take a few minutes after activation depending on traffic volume.
{% endhint %}
{% endstep %}
{% endstepper %}

### **Path & Extension Based Rate Limiting**

Some parts of your application may require different rate limits — for example, to protect **login endpoints** or limit access to **downloadable files** — without affecting the entire CDN resource.

With **Path & Extension Based Rate Limiting**, you can define request thresholds that apply only to specific **URL paths** (such as `/login` or `/api/`) or **file types** (like `.pdf`, `.jpg`, or `.mp4`).\
These rules are managed under the **Page Rules** section in the **Medianova Control Panel** and allow more granular control over how traffic is handled at the edge.

Use this feature when you need to:

* Apply stricter limits to sensitive routes such as `/auth/`, `/checkout`, or `/login`.
* Restrict access to large media or document files.
* Combine **global rate limits** with **path-level overrides** for flexible traffic management.

**Learn more:** See [Path & Extension Based Rate Limiting](/products/performance-cdn/static-content-delivery/advanced-configuration/page-rules/page-rules-settings/path-and-extension-based-rate-limiting.md) for configuration steps and advanced examples.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://clients.medianova.com/products/security/rate-limiting/configure-rate-limiting.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
Field	Description
Request Limit	The maximum number of requests allowed (e.g., 100).
Time Interval	The period within which requests are counted (e.g., per second, per minute).
Option	Description
Burst	Allows short spikes within the limit window before throttling begins.
Burst + No Delay	Permits short bursts instantly, without waiting for enforcement delay.
None	Strict enforcement. Requests exceeding the limit are immediately blocked.
Action	Description
Block	Rejects the request and returns an error response (default).
Challenge	Sends a verification challenge to the client before allowing further requests.