What Are the Differences Between Rate Limit and Allowable Frequency in a CC Rule?
In a CC attack protection rule, Rate Limit specifies the maximum requests that a website visitor can initiate within the configured period. If the configured rate limit has been reached, WAF will respond according to the protective action configured. For example, if you configure Rate Limit to 10 requests within 60 seconds and Protective Action to Block, a maximum of 10 requests are allowed within 60 seconds. Once the website visitor initiates more than 10 requests within 60 seconds, WAF directly blocks the visitor from accessing the requested URL.
If you select Advanced for Mode and Block dynamically for Protective Action, configure Rate Limit and Allowable Frequency.
WAF blocks requests that trigger the rule based on Rate Limit first. Then, in the following rate limit period, WAF blocks requests that trigger the rule based on Allowable Frequency you configured. If blocking is triggered and Allowable Frequency is 0, all requests that meet the rule conditions in the next period are blocked.
Differences
- The rate limit period of Allowable Frequency is the same as that of Rate Limit.
- Allowable Frequency is lower than or equal to Rate Limit, and Allowable Frequency can be 0.
For details, see Configuring a CC Attack Protection Rule.
Protection Rules FAQs
- How Do I Switch the Mode of Basic Web Protection from Log Only to Block?
- Which Protection Levels Can Be Set for Basic Web Protection?
- What Is the Peak Rate of CC Attack Protection?
- When Is Cookie Used to Identify Users?
- What Are the Differences Between Rate Limit and Allowable Frequency in a CC Rule?
- Why Cannot the Verification Code Be Refreshed When Verification Code Is Configured in a CC Attack Protection Rule?
- Can a Precise Protection Rule Take Effect in a Specified Period?
- Can a Path Containing # Be Matched in a Precise Protection Rule?
- How Can I Allow Access from .js Files?
- Can I Batch Add IP Addresses to a Blacklist or Whitelist Rule?
- Can I Import or Export a Blacklist or Whitelist into or from WAF?
- How Do I Block Abnormal IP Addresses?
- Why Does a Requested Page Fail to Respond to the Client After the JavaScript-based Anti-Crawler Is Enabled?
- Is There Any Impact on Website Loading Speed If Other Crawler Check in Anti-Crawler Is Enabled?
- How Does JavaScript Anti-Crawler Detection Work?
- In Which Situations Will the WAF Policies Fail?
- How Do I Allow Requests from Only IP Addresses in a Specified Geographical Region?
- Which of the WAF Protection Rules Support the Log-Only Protective Action?
- How Do I Allow Only Specified IP Addresses to Access Protected Websites?
- Which Protection Rules Are Included in the System-Generated Policy?
- Why Does the Page Fail to Be Refreshed After WTP Is Enabled?
- What Are the Differences Between Blacklist/Whitelist Rules and Precise Protection Rules on Blocking Access Requests from Specified IP Addresses?
- What Do I Do If a Scanner, such as AppScan, Detects that the Cookie Is Missing Secure or HttpOnly?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore
