Configure Rate Limiting
Rate Limiting helps manage client request traffic by defining thresholds on how many requests a user or IP can make within a specified time window. This feature operates at the CDN edge, preventing excessive traffic from reaching your origin servers and maintaining stable performance.
Rate Limiting is available only for Dynamic CDN Resources in the Medianova Control Panel.
Access the Rate Limiting
To begin configuration, log in to the Medianova Control Panel and follow these steps:
Navigate to Security → Rate Limiting.
Select the Dynamic CDN Resource where you want to enable Rate Limiting.
The configuration panel for that resource will open.
If you don’t have a Dynamic CDN Resource yet, create one under CDN → Create CDN Resource, then return to the Security section.
Set Request Limits
Specify the number of requests allowed per client within a given time interval.
Request Limit
The maximum number of requests allowed (e.g., 100).
Time Interval
The period within which requests are counted (e.g., per second, per minute).
Start with conservative thresholds and gradually adjust them based on traffic analytics.
Choose Rate Limit Option
Define how bursts of traffic are handled when the limit is reached. Select one of the following modes from the dropdown:
Burst
Allows short spikes within the limit window before throttling begins.
Burst + No Delay
Permits short bursts instantly, without waiting for enforcement delay.
None
Strict enforcement. Requests exceeding the limit are immediately blocked.
“Burst” modes are useful for high-traffic APIs or login pages where short spikes are expected.
Configure IP Whitelisting (Optional)
Add trusted IP addresses or networks that should bypass rate enforcement.
Click Add Whitelist Entry.
Enter the IP address or range (e.g.,
192.168.0.0/24).Click Save to apply.
Whitelist internal monitoring systems or administrative users to prevent accidental blocking.
Define Actions for Exceeded Limits
Specify what happens when a user exceeds the defined rate limit.
Block
Rejects the request and returns an error response (default).
Challenge
Sends a verification challenge to the client before allowing further requests.
You can also define the HTTP response code to be returned:
429— Too Many Requests529— Custom throttling response
Use Challenge mode only if you have challenge verification integrated on your frontend (e.g., CAPTCHA).
Verify and Monitor
To confirm that Rate Limiting is working:
Send multiple requests exceeding your threshold to trigger enforcement.
Check the response code (
429or529).Review request logs and metrics in Analytics → Rate Limiting Dashboard.
Metric visibility may take a few minutes after activation depending on traffic volume.
Path & Extension Based Rate Limiting
Some parts of your application may require different rate limits — for example, to protect login endpoints or limit access to downloadable files — without affecting the entire CDN resource.
With Path & Extension Based Rate Limiting, you can define request thresholds that apply only to specific URL paths (such as /login or /api/) or file types (like .pdf, .jpg, or .mp4).
These rules are managed under the Page Rules section in the Medianova Control Panel and allow more granular control over how traffic is handled at the edge.
Use this feature when you need to:
Apply stricter limits to sensitive routes such as
/auth/,/checkout, or/login.Restrict access to large media or document files.
Combine global rate limits with path-level overrides for flexible traffic management.
Learn more: See Path & Extension Based Rate Limiting for configuration steps and advanced examples.
Last updated
Was this helpful?