Skip to content

Commit aebcf24

Browse files
patriciasantaanapatriciasantaana
authored
update rate limiting availability table (#23322)
1 parent 427ff19 commit aebcf24

File tree

1 file changed

+39
-19
lines changed

1 file changed

+39
-19
lines changed

src/content/partials/waf/rate-limiting-availability-by-plan.mdx

Lines changed: 39 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -2,22 +2,42 @@
22
{}
33
---
44

5-
| Feature | Free | Pro | Business | Enterprise with app security | Enterprise with Advanced Rate Limiting |
6-
| ------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------------------------------- | ----------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
7-
| Available fields<br/>in rule expression | Path, [Verified Bot](/ruleset-engine/rules-language/fields/reference/cf.bot_management.verified_bot/) | Host, URI, Path, Full URI, Query, Verified Bot | Host, URI, Path, Full URI, Query, Method, Source IP, User Agent, Verified Bot | General request fields, request header fields, Verified Bot, Bot Management fields<sup>1</sup> | General request fields, request header fields, Verified Bot, Bot Management fields<sup>1</sup>, request body fields<sup>2</sup> |
8-
| Counting characteristics | IP | IP | IP | IP, IP with NAT support | IP, IP with NAT support, Query, Host, Headers, Cookie, ASN, Country, Path, JA3/JA4 Fingerprint<sup>1</sup>, JSON field value<sup>2</sup>, Body<sup>2</sup>, Form input value<sup>2</sup>, Custom |
9-
| Available fields<br/>in counting expression | N/A | N/A | All rule expression fields, Response code, Response headers | All rule expression fields, Response code, Response headers | All rule expression fields, Response code, Response headers |
10-
| Counting model | Number of requests | Number of requests | Number of requests | Number of requests | Number of requests,<br/>[complexity score](/waf/rate-limiting-rules/request-rate/#complexity-based-rate-limiting) |
11-
| Rate limiting<br/>action behavior | Perform action during mitigation period | Perform action during mitigation period | Perform action during mitigation period | Perform action during mitigation period,<br/>Throttle requests above rate with block action | Perform action during mitigation period,<br/>Throttle requests above rate with block action |
12-
| Counting periods | 10 s | 10 s, 1 min | 10 s, 1 min, 10 min | 10 s, 1 min, 2 min, 5 min, 10 min, 1 h | 10 s, 1 min, 2 min, 5 min, 10 min, 1 h |
13-
| Mitigation timeout periods | 10 s | 10 s, 1 min, 1 h | 10 s, 1 min, 1 h, 1 day | 10 s, 1 min, 2 min, 5 min, 10 min, 1 h, 1 day<sup>3</sup> | 10 s, 1 min, 2 min, 5 min, 10 min, 1 h, 1 day<sup>3</sup> |
14-
| Number of rules | 1 | 2 | 5 | 5 or more<sup>4</sup> | 100 |
15-
16-
<sup>1</sup> *Only available to Enterprise customers who have purchased [Bot
17-
Management](/bots/plans/bm-subscription/).*
18-
<br /> <sup>2</sup> *Availability depends on your WAF plan.*
19-
<br /> <sup>3</sup> *Enterprise customers can specify a custom mitigation
20-
timeout period via API.*
21-
<br /> <sup>4</sup> *Enterprise customers must have application security on
22-
their contract to get access to rate limiting rules. The number of rules depends
23-
on the exact contract terms.*
5+
import { Details } from "~/components";
6+
7+
| Feature | Free | Pro | Business | Enterprise with app security | Enterprise with Advanced Rate Limiting |
8+
| ------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------------------------------- | ----------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
9+
| Available fields<br/>in rule expression | Path, [Verified Bot](/ruleset-engine/rules-language/fields/reference/cf.bot_management.verified_bot/) | Host, URI, Path, Full URI, Query, Verified Bot | Host, URI, Path, Full URI, Query, Method, Source IP, User Agent, Verified Bot | General request fields, request header fields, Verified Bot, Bot Management fields[^1] | General request fields, request header fields, Verified Bot, Bot Management fields[^1], request body fields[^2] |
10+
| Counting characteristics | IP | IP | IP, IP with NAT support | IP, IP with NAT support | IP, IP with NAT support, Query, Host, Headers, Cookie, ASN, Country, Path, JA3/JA4 Fingerprint[^1], JSON field value[^2], Body[^2], Form input value[^2], Custom |
11+
| Available fields<br/>in counting expression | N/A | N/A | All rule expression fields, Response code, Response headers | All rule expression fields, Response code, Response headers | All rule expression fields, Response code, Response headers |
12+
| Counting model | Number of requests | Number of requests | Number of requests | Number of requests | Number of requests, [complexity score](/waf/rate-limiting-rules/request-rate/#complexity-based-rate-limiting) |
13+
| Rate limiting<br/>action behavior | Perform action during mitigation period | Perform action during mitigation period | Perform action during mitigation period | Perform action during mitigation period, Throttle requests above rate with block action | Perform action during mitigation period, Throttle requests above rate with block action |
14+
| Counting periods | 10 s | All supported values up to 1&nbsp;min[^3] | All supported values up to 10&nbsp;min[^3] | All supported values up to 65,535&nbsp;s[^3] | All supported values up to 65,535&nbsp;s[^3] |
15+
| Mitigation timeout periods | 10 s | All supported values up to 1&nbsp;h[^3] | All supported values up to 1&nbsp;day[^3] | All supported values up to 1&nbsp;day[^3]&nbsp;[^4] | All supported values up to 1&nbsp;day[^3]&nbsp;[^4] |
16+
| Number of rules | 1 | 2 | 5 | 5 or more[^5] | 100 |
17+
18+
[^1]: Only available to Enterprise customers who have purchased [Bot Management](/bots/plans/bm-subscription/).
19+
20+
[^2]: Availability depends on your WAF plan.
21+
22+
[^3]: Supported period values in seconds:<br/> 10, 15, 20, 30, 40, 45, 60 (1 min), 90, 120 (2 min), 180 (3 min), 240 (4 min), 300 (5 min), 480, 600 (10 min), 900, 1200 (20 min), 1800, 2400, 3600 (1 h), 65535, 86400 (1 day).
23+
24+
[^4]: Enterprise customers can specify a custom mitigation timeout period via API.
25+
26+
[^5]: Enterprise customers must have application security on their contract to get access to rate limiting rules. The number of rules depends on the exact contract terms.
27+
28+
<Details header = "Footnotes" open={true}>
29+
30+
1: Only available to Enterprise customers who have purchased [Bot Management](/bots/plans/bm-subscription/).
31+
32+
2: Availability depends on your WAF plan.
33+
34+
3: List of supported counting/mitigation period values in seconds:<br/>
35+
10, 15, 20, 30, 40, 45, 60 (1 min), 90, 120 (2 min), 180 (3 min), 240 (4 min), 300 (5 min), 480, 600 (10 min), 900, 1200 (20 min), 1800, 2400, 3600 (1 h), 65535, 86400 (1 day).<br/>
36+
Not all values are available on all plans.
37+
38+
4: Enterprise customers can specify a custom mitigation timeout period via API.
39+
40+
5: Enterprise customers must have application security on their contract to get access to rate limiting rules. The number of rules depends on the exact contract terms.
41+
42+
</Details>
43+

0 commit comments

Comments
 (0)