Expression:
(http.request.uri.path eq "/login" and ip.src.country eq "US" and ip.src ne 192.0.0.1)
Rule characteristics:
- Data center ID (included by default when creating the rule in the dashboard)
- IP Address
Rule examples
The examples below include sample rate limiting rule configurations.
Example 1
Section titled “Example 1”The following rule performs rate limiting on incoming requests from the US addressed at the login page, except for one allowed IP address.
Example 2
Section titled “Example 2”The following rule performs rate limiting on incoming requests with a given base URI path, incrementing on the IP address and the provided API key.
Expression:
(http.request.uri.path contains "/product" and http.request.method eq "POST")
Rule characteristics:
- Data center ID (included by default when creating the rule in the dashboard)
- IP Address
- HTTP Header >
x-api-key
Example 3
Section titled “Example 3”The following rule performs rate limiting on requests targeting multiple URI paths in two hosts, excluding known bots. The request rate is based on IP address and User-Agent values.
Expression:
(http.request.uri.path eq "/store" or http.request.uri.path eq "/prices") and (http.host eq "mystore1.com" or http.host eq "mystore2.com") and not cf.client.bot
Rule characteristics:
- Data center ID (included by default when creating the rule in the dashboard)
- IP Address
- HTTP Header >
user-agent
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark