Gaming industry under DDoS attack. Get DDoS protection now. Start onboarding
Under attack? Log in
Sign up for free

Products

Solutions

Pricing

Resources

Partners

Why Gcore

Under attack?
Log in
Contact us
Contact us Sign up for free
  1. Home
  2. Blog
  3. Configuring a Rate Limiter for Bot Protection
Security
News

Configuring a Rate Limiter for Bot Protection

  • July 20, 2023
  • 2 min read
Configuring a Rate Limiter for Bot Protection

As more companies move their operations online, the threat of robotic or automated activities that mimic user activity—collectively known as bots—has grown significantly. These can execute damaging operations, like data scraping, form submission abuse, or user account takeovers. To help combat this, we offer a module called Bot Protection. This module detects bot activity and prevents it from accessing your data and resources.

An added feature of Bot Protection is the Rate Limiter. This feature lets you specify how many user requests can be sent to your protected resource and web application per second, which helps reduce the load on our network and your website. It rejects requests exceeding your set limit, preventing excessive bot activity.

How to Setup Bot Protection?

Here’s a guide on how to configure this feature:

  1. Navigate to Web Protection, and select the resource settings you want to protect.
  2. Open the Bot tab.

  1. Ensure the Bot Protection is set to either Low or High mode. If set to Off mode, you won’t be able to use or configure the Rate Limiter feature.
  2. Set the number of allowed requests to your protected resource per second; you can choose between 1 and 100,000.
  3. Set the number of allowed requests to a single URI of your web application per second; you can choose between 1 and 100,000.
  4. Optionally, you can create exceptions to the default settings by specifying rules for specific URIs. For instance, if you want to allow multiple requests from one IP address to a particular URI:
    • Click “Add Rule”.
    • Select the method of the request (POST, GET, PUT, PATCH, or DELETE)
    • Specify URI path. You can use an asterisk (*) wildcard, which includes all possible nesting.
    • Set the number of allowed requests between 1 and 100,000.
  5. Once you’ve configured your settings, click Save changes.

Note: For all rules you can also set the value to 0, which means there will be no restrictions on the number of requests.

After setting the Rate Limiter, any users or bots that try to send more requests than the specified limit will receive an HTTP 429 (Too Many Requests) response code, indicating that the Rate Limiter has blocked their activity.

How Many URI Rules Can I Have?

You can create as many rules for URI as allowed by your plan:

  • Trial plan: 1 rule
  • Start+ plan: 3 rules
  • Pro plan: 6 rules
  • Custom plan: 10 rules

You’ll receive an error message if you try to create more rules than your plan allows.

Conclusion

Through the Bot Protection feature, you can efficiently regulate the number of user requests, minimizing undue load and protecting your application from possible abuse or data breaches.

For more details, check out our step-by-step instructions.

Try bot protection today

null

Gcore Team

Content Team

Table of contents

Try Gcore Security

Gcore all-in-one platform: cloud, AI, CDN, security, and other infrastructure services.

Try for free

Related articles

Gcore successfully stops 6 Tbps DDoS attack

Gcore recently detected and mitigated one of the most powerful distributed denial-of-service (DDoS) attacks of the year, peaking at 6 Tbps and 5.3 billion packets per second (Bpps).This surge, linked to the AISURU botnet, reflects a growing

Gcore Radar Q1–Q2 2025: three insights into evolving attack trends

Cyberattacks are becoming more frequent, larger in scale, and more sophisticated in execution. For businesses across industries, this means protecting digital resources is more important than ever. Staying ahead of attackers requires not on

No capacity = no defense: rethinking DDoS resilience at scale

DDoS attacks are growing so massive they are overwhelming the very infrastructure designed to stop them. Earlier this year, a peak attack exceeding 7 Tbps was recorded, while 1–2 Tbps attacks have become everyday occurrences. Such volumes w

Protecting networks at scale with AI security strategies

Network cyberattacks are no longer isolated incidents. They are a constant, relentless assault on network infrastructure, probing for vulnerabilities in routing, session handling, and authentication flows. With AI at their disposal, threat

Introducing Gcore for Startups: created for builders, by builders

Building a startup is tough. Every decision about your infrastructure can make or break your speed to market and burn rate. Your time, team, and budget are stretched thin. That’s why you need a partner that helps you scale without compromis

Outpacing cloud‑native threats: How to secure distributed workloads at scale

The cloud never stops. Neither do the threats.Every shift toward containers, microservices, and hybrid clouds creates new opportunities for innovation…and for attackers. Legacy security, built for static systems, crumbles under the speed, s

Subscribe to our newsletter

Get the latest industry trends, exclusive insights, and Gcore updates delivered straight to your inbox.

Subscribe