Rate Limiter

Rate limiters add configurable origin request rate limiting to a service. This information is part of a limited availability release. For more information, see our product and feature lifecycle descriptions. To use this feature you must purchase a Professional or Premier Platform subscription for either Signal Sciences Cloud WAF or Signal Sciences Next-Gen WAF and have a paid account with a contract for full-site delivery.

Data model

actionstringThe action to take when a rate limiter violation is detected.
client_keyarrayArray of VCL variables used to generate a counter key to identify a client. Example variables include req.http.Fastly-Client-IP, req.http.User-Agent, or a custom header like req.http.API-Key.
feature_revisionintegerRevision number of the rate limiting feature implementation. Defaults to the most recent revision.
http_methodsarrayArray of HTTP methods to apply rate limiting to.
logger_typestringName of the type of logging endpoint to be used when action is log_only. The logging endpoint type is used to determine the appropriate log format to use when emitting log entries.
namestringA human readable name for the rate limiting rule.
penalty_box_durationintegerLength of time in minutes that the rate limiter is in effect after the initial violation is detected.
responseobjectCustom response to be sent when the rate limit is exceeded. Required if action is response.
response_object_namestringName of existing response object. Required if action is response_object. Note that the rate limiter response is only updated to reflect the response object content when saving the rate limiter configuration.
rps_limitintegerUpper limit of requests per second allowed by the rate limiter.
uri_dictionary_namestringThe name of an Edge Dictionary containing URIs as keys. If not defined or null, all origin URIs will be rate limited.
window_sizeintegerNumber of seconds during which the RPS limit must be exceeded in order to trigger a violation.
created_atstringDate and time in ISO 8601 format. Read-only.
deleted_atstringDate and time in ISO 8601 format. Read-only.
idstringAlphanumeric string identifying the rate limiter.
service_idstringAlphanumeric string identifying the service. Read-only.
updated_atstringDate and time in ISO 8601 format. Read-only.
versionintegerInteger identifying a service version. Read-only.

Endpoints

List rate limiters

GET/service/service_id/version/version_id/rate-limiters

Create a rate limiter

POST/service/service_id/version/version_id/rate-limiters

Get a rate limiter

GET/rate-limiters/rate_limiter_id

Update a rate limiter

PUT/rate-limiters/rate_limiter_id

Delete a rate limiter

DELETE/rate-limiters/rate_limiter_id