Cloudflare Docs
WAF
Edit this page on GitHub
Set theme to dark (⇧+D)

Troubleshoot Rate Limiting (previous version)

A few common rate limiting configuration issues prevent proper request matches:

  • Including HTTP or HTTPS protocol schemes in rule patterns (such as https://example.com/*). To restrict rules to match only HTTP or HTTPS traffic, use the schemes array in the request match. For example, "schemes": [ "HTTPS" ].
  • Forgetting a trailing slash character (/). Cloudflare Rate Limiting only treats requests for the homepage (such as example.com and example.com/) as equivalent, but not any other path (such as example.com/path/ and example.com/path). To match request paths both with and without the trailing slash, use a wildcard match (for example, example.com/path*).
  • Including a query string or anchor (such as example.com/path?foo=bar or example.com/path#section1). A rule like example.com/path will match requests for example.com/path?foo=bar.
  • Overriding a rate limit with IP Access rules.
  • Including a port number (such as example.com:8443/api/). Rate Limiting does not consider port numbers within rules. Remove the port number from the URL so that the rate limit rule triggers as expected.

​​ Common API errors

The following common errors may prevent configuring rate limiting rules via the Cloudflare API:  

  • Decoding is not yet implemented – Indicates that your request is missing the Content-Type: application/json header. Add the header to your API request to fix the issue.
  • Ratelimit.api.not_entitled – Enterprise customers must contact their account team before adding rules.