---
title: "Cloudflare Rate Limiting - API Abuse Prevention"
description: "Protect your APIs from abuse and your origin from being overwhelmed. Edge-based rate limiting with flexible rules and cost-effective pricing."
url: "https://www.cloudflare.com/products/rate-limiting"
---

# Rate Limiting

> Cloudflare Rate Limiting allows you to define granular thresholds for requests to your application and automatically block or log clients that exceed those limits.

## Key Features

- Edge-based enforcement
- Flexible rule engine
- IP-based limiting
- Header-based limiting
- Session tracking
- Accurate distributed counting
- Cost-effective pricing

## Benefits

### Performance and Accuracy at Scale

Our rate limiting happens at Cloudflare's edge, across 330+ cities. We can block excessive traffic before it ever touches your origin server, saving you bandwidth and compute resources.

### Rich, Flexible Rules Engine

Define limits based on a wide range of characteristics beyond just IP address, such as specific HTTP headers, query parameters, or even the result of a WAF check.

### Cost-Effectiveness

Simple, predictable pricing that is often far lower than a DIY solution, especially when factoring in your saved origin costs.

## Use Cases

### Login Endpoint Protection

Protecting login endpoints from password-spraying and brute-force attacks.

### API Cost Control

Cost control for expensive API calls.

### Session-Based API Defense

Protecting APIs by tracking usage based on session identifiers found in HTTP headers or cookies, neutralizing distributed botnets.

### Distributed Attack Mitigation

Our distributed counting is highly accurate, preventing the race conditions that can occur with self-managed, multi-region solutions.

## Resources

- [Full Documentation](https://developers.cloudflare.com/waf/rate-limiting-rules): Complete technical documentation
- [Get Started](https://dash.cloudflare.com/sign-up): Sign up and start building
- [Pricing](/plans.md): See pricing details

## Related Products

- [DDoS Protection](/products/ddos.md): Mitigation Solutions
- [SSL](/products/ssl.md): Secure Your Site with SSL
- [Turnstile](/products/turnstile.md): A CAPTCHA Replacement Solution
- [WAF](/products/waf.md): Web Application Firewall

---

*This is a markdown version of [https://www.cloudflare.com/products/rate-limiting](https://www.cloudflare.com/products/rate-limiting) for AI/LLM consumption.*