medianova.comSupportLog in

Configure Rate Limiting

Rate Limiting helps manage client request traffic by defining thresholds on how many requests a user or IP can make within a specified time window. This feature operates at the CDN edge, preventing excessive traffic from reaching your origin servers and maintaining stable performance.

Rate Limiting is available only for Dynamic CDN Resources in the Medianova Control Panel.

1

Access the Rate Limiting

To begin configuration, log in to the Medianova Control Panel and follow these steps:

  1. Navigate to Security → Rate Limiting.

  2. Select the Dynamic CDN Resource where you want to enable Rate Limiting.

  3. The configuration panel for that resource will open.

If you don’t have a Dynamic CDN Resource yet, create one under CDN → Create CDN Resource, then return to the Security section.

2

Enable Rate Limiting

Toggle the Rate Limiting option to On to activate the feature. Once enabled, you can define custom thresholds and actions for your selected resource.

Disabling Rate Limiting immediately removes active enforcement rules but retains your configuration for future use.

3

Set Request Limits

Specify the number of requests allowed per client within a given time interval.

Field
Description

Request Limit

The maximum number of requests allowed (e.g., 100).

Time Interval

The period within which requests are counted (e.g., per second, per minute).

Start with conservative thresholds and gradually adjust them based on traffic analytics.

4

Choose Rate Limit Option

Define how bursts of traffic are handled when the limit is reached. Select one of the following modes from the dropdown:

Option
Description

Burst

Allows short spikes within the limit window before throttling begins.

Burst + No Delay

Permits short bursts instantly, without waiting for enforcement delay.

None

Strict enforcement. Requests exceeding the limit are immediately blocked.

“Burst” modes are useful for high-traffic APIs or login pages where short spikes are expected.

5

Configure IP Whitelisting (Optional)

Add trusted IP addresses or networks that should bypass rate enforcement.

  • Click Add Whitelist Entry.

  • Enter the IP address or range (e.g., 192.168.0.0/24).

  • Click Save to apply.

Whitelist internal monitoring systems or administrative users to prevent accidental blocking.

6

Define Actions for Exceeded Limits

Specify what happens when a user exceeds the defined rate limit.

Action
Description

Block

Rejects the request and returns an error response (default).

Challenge

Sends a verification challenge to the client before allowing further requests.

You can also define the HTTP response code to be returned:

  • 429 — Too Many Requests

  • 529 — Custom throttling response

Use Challenge mode only if you have challenge verification integrated on your frontend (e.g., CAPTCHA).

7

Save and Apply Configuration

After defining all parameters, click Save to activate your Rate Limiting settings. The configuration takes effect immediately at the CDN edge.

Test your configuration with real traffic or API calls to ensure it behaves as expected.

8

Verify and Monitor

To confirm that Rate Limiting is working:

  • Send multiple requests exceeding your threshold to trigger enforcement.

  • Check the response code (429 or 529).

  • Review request logs and metrics in Analytics → Rate Limiting Dashboard.

Metric visibility may take a few minutes after activation depending on traffic volume.

Path & Extension Based Rate Limiting

Some parts of your application may require different rate limits — for example, to protect login endpoints or limit access to downloadable files — without affecting the entire CDN resource.

With Path & Extension Based Rate Limiting, you can define request thresholds that apply only to specific URL paths (such as /login or /api/) or file types (like .pdf, .jpg, or .mp4). These rules are managed under the Page Rules section in the Medianova Control Panel and allow more granular control over how traffic is handled at the edge.

Use this feature when you need to:

  • Apply stricter limits to sensitive routes such as /auth/, /checkout, or /login.

  • Restrict access to large media or document files.

  • Combine global rate limits with path-level overrides for flexible traffic management.

Learn more: See Path & Extension Based Rate Limiting for configuration steps and advanced examples.

PreviousRate LimitingNextHotlink Protection

Last updated

Was this helpful?