Skip to content

[WAF] Update rate limiting availability table #21259

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Mar 31, 2025
Merged

[WAF] Update rate limiting availability table #21259

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 10 additions & 10 deletions src/content/partials/waf/rate-limiting-availability-by-plan.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,16 @@
{}
---

| Feature | Free | Pro | Business | Enterprise with app security | Enterprise with Advanced Rate Limiting |
| ------------------------------------------- | -------------------------------------------------------------------------------------------------------- | ---------------------------------------------- | ----------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Available fields<br/>in rule expression | Path, [Verified Bot](/ruleset-engine/rules-language/fields/reference/cf.bot_management.verified_bot/) | Host, URI, Path, Full URI, Query, Verified Bot | Host, URI, Path, Full URI, Query, Method, Source IP, User Agent, Verified Bot | General request fields, request header fields, Verified Bot, Bot Management fields<sup>1</sup> | General request fields, request header fields, Verified Bot, Bot Management fields<sup>1</sup>, request body fields<sup>2</sup> |
| Counting characteristics | IP | IP | IP | IP, IP with NAT support | IP, IP with NAT support, Query, Host, Headers, Cookie, ASN, Country, Path, JA3/JA4 Fingerprint<sup>1</sup>, JSON field value<sup>2</sup>, Body<sup>2</sup>, Form input value<sup>2</sup>, Custom |
| Available fields<br/>in counting expression | N/A | N/A | All rule expression fields, Response code, Response headers | All rule expression fields, Response code, Response headers | All rule expression fields, Response code, Response headers |
| Counting model | Number of requests | Number of requests | Number of requests | Number of requests | Number of requests,<br/>[complexity score](/waf/rate-limiting-rules/request-rate/#complexity-based-rate-limiting) |
| Rate limiting<br/>action behavior | Perform action during mitigation period | Perform action during mitigation period | Perform action during mitigation period | Perform action during mitigation period,<br/>Throttle requests above rate with block action | Perform action during mitigation period,<br/>Throttle requests above rate with block action |
| Counting periods | 10 s | 10 s, 1 min | 10 s, 1 min, 10 min | 10 s, 1 min, 2 min, 5 min, 10 min | 10 s, 1 min, 2 min, 5 min, 10 min, 1 h |
| Mitigation timeout periods | 10 s | 10 s, 1 min, 1 h | 10 s, 1 min, 1 h, 1 day | 10 s, 1 min, 2 min, 5 min, 10 min, 1 h, 1 day<sup>3</sup> | 10 s, 1 min, 2 min, 5 min, 10 min, 1 h, 1 day<sup>3</sup> |
| Number of rules | 1 | 2 | 5 | 5 or more<sup>4</sup> | 100 |
| Feature | Free | Pro | Business | Enterprise with app security | Enterprise with Advanced Rate Limiting |
| ------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------------------------------- | ----------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Available fields<br/>in rule expression | Path, [Verified Bot](/ruleset-engine/rules-language/fields/reference/cf.bot_management.verified_bot/) | Host, URI, Path, Full URI, Query, Verified Bot | Host, URI, Path, Full URI, Query, Method, Source IP, User Agent, Verified Bot | General request fields, request header fields, Verified Bot, Bot Management fields<sup>1</sup> | General request fields, request header fields, Verified Bot, Bot Management fields<sup>1</sup>, request body fields<sup>2</sup> |
| Counting characteristics | IP | IP | IP | IP, IP with NAT support | IP, IP with NAT support, Query, Host, Headers, Cookie, ASN, Country, Path, JA3/JA4 Fingerprint<sup>1</sup>, JSON field value<sup>2</sup>, Body<sup>2</sup>, Form input value<sup>2</sup>, Custom |
| Available fields<br/>in counting expression | N/A | N/A | All rule expression fields, Response code, Response headers | All rule expression fields, Response code, Response headers | All rule expression fields, Response code, Response headers |
| Counting model | Number of requests | Number of requests | Number of requests | Number of requests | Number of requests,<br/>[complexity score](/waf/rate-limiting-rules/request-rate/#complexity-based-rate-limiting) |
| Rate limiting<br/>action behavior | Perform action during mitigation period | Perform action during mitigation period | Perform action during mitigation period | Perform action during mitigation period,<br/>Throttle requests above rate with block action | Perform action during mitigation period,<br/>Throttle requests above rate with block action |
| Counting periods | 10 s | 10 s, 1 min | 10 s, 1 min, 10 min | 10 s, 1 min, 2 min, 5 min, 10 min, 1 h | 10 s, 1 min, 2 min, 5 min, 10 min, 1 h |
| Mitigation timeout periods | 10 s | 10 s, 1 min, 1 h | 10 s, 1 min, 1 h, 1 day | 10 s, 1 min, 2 min, 5 min, 10 min, 1 h, 1 day<sup>3</sup> | 10 s, 1 min, 2 min, 5 min, 10 min, 1 h, 1 day<sup>3</sup> |
| Number of rules | 1 | 2 | 5 | 5 or more<sup>4</sup> | 100 |

<sup>1</sup> *Only available to Enterprise customers who have purchased [Bot
Management](/bots/plans/bm-subscription/).*
Expand Down