Rate Limiting: What it is & How it Works in DataDome’s Response Suite
Rate limiting is a cybersecurity practice that involves blocking certain traffic based on the number of hits—such as number of queries or connections per second—it generates during a specific time period. As long as the traffic’s volume is below the threshold, it will be unrestricted.
DataDome’s “Response” suite includes features like rate limiting and timeboxing to give you additional ways to optimize how your traffic can reach your endpoints.
How Rate Limiting Works
Rate limiting allows you to block traffic based on the number of hits it generates during a specified time period. Traffic will be allowed as long as its volume is below your threshold. The moment the number of hits exceeds the threshold set in your rule, the blocking response (CAPTCHA or hard block) is triggered.
What are the use cases for rate limiting?
Imagine all the desired automated traffic that can and should reach your endpoints, such as your technical partners, good bot traffic coming from the indexing bots of major search engines, expected commercial bots, etc. With rate limiting, you can fully control your traffic and adjust it with great precision to your infrastructure capabilities.
The key benefit? You can always be sure that your infrastructure resources are reserved, first and foremost, for your human visitors—guaranteeing them the best user experience.
How to apply DataDome’s rate limiting response:
Your rate limiting settings can be applied to any chosen “good” or commercial bot traffic (AI rules) and to all custom rules.
To apply rate limiting to a rule of your choice, simply open the “Response” menu and select “Rate Limiting”.

You can also choose “Rate Limiting” when you create or update a custom rule.

Selecting the rate limiting response opens up a modal dialog that allows you to define your rate limiting settings with great precision. You can:
- Set the number of hits, which defines your volume threshold. All traffic will be allow-listed (allowed to reach your endpoints) until it reaches your designated threshold.
- Define the time period during which the threshold should be applied.
- Define which response (CAPTCHA or hard block) should be applied once the traffic exceeds the threshold.
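
The three settings above (hits, time period, response) can be modelled as a per-client sliding-window counter. This is an added example, not DataDome's code: the class, function and client names are hypothetical, the sliding-window behaviour is an assumption, and the traffic is constructed.

```python
import time
from collections import defaultdict, deque


class RateLimitRule:
    """Hypothetical model of the three settings above: hits, period, response."""

    def __init__(self, max_hits, period_s, response):
        if response not in ("captcha", "block"):
            raise ValueError("response must be 'captcha' or 'block'")
        self.max_hits, self.period_s, self.response = max_hits, period_s, response
        # Per-client timestamps; maxlen bounds memory even under a flood.
        self._hits = defaultdict(lambda: deque(maxlen=max_hits + 1))

    def check(self, client, now=None):
        """Record one hit and return 'allow' or the configured response."""
        now = time.monotonic() if now is None else now
        window = self._hits[client]
        # Expire hits that fell out of the sliding time period.
        while window and now - window[0] >= self.period_s:
            window.popleft()
        # Rejected hits are counted too, so a client that keeps hammering
        # stays limited until it actually slows down.
        window.append(now)
        return self.response if len(window) > self.max_hits else "allow"


def replay(rule, events):
    """Apply the rule to (timestamp, client) pairs; return per-client decisions."""
    out = defaultdict(list)
    for ts, client in sorted(events):
        out[client].append(rule.check(client, now=ts))
    return dict(out)


# Constructed sample traffic: a paced partner crawler and a bursty scraper.
SAMPLE_EVENTS = (
    [(t, "partner-crawler") for t in (0, 4, 8, 12, 16)]
    + [(t, "bursty-scraper") for t in (0, 1, 2, 3, 4, 20)]
)

if __name__ == "__main__":
    rule = RateLimitRule(max_hits=3, period_s=10, response="captcha")
    for client, decisions in replay(rule, SAMPLE_EVENTS).items():
        print(client, decisions)
```

With a threshold of 3 hits per 10 seconds, the paced crawler is never challenged, while the burst receives the configured response until its rate drops back under the threshold.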

Combined with real-time bot mitigation, rate limiting is an effective tool against denial of service attacks and intensive scraping that could cause performance issues on your website, mobile app, or API if left unmanaged.