Cloudflare Docs
Terraform

Configure rate limiting rules

This page provides an example of creating a rate limiting rule in a zone using Terraform.

For more information on rate limiting rules, refer to Rate limiting rules in the Cloudflare WAF documentation.

Create a rate limiting rule

This example creates a rate limiting rule in the zone with ID <ZONE_ID> that blocks traffic exceeding the configured rate:

resource "cloudflare_ruleset" "zone_rl" {
  zone_id     = "<ZONE_ID>"
  name        = "Rate limiting for my zone"
  description = ""
  kind        = "zone"
  phase       = "http_ratelimit"

  rules {
    action = "block"
    ratelimit {
      # Keep a separate counter per client IP within each Cloudflare data center
      characteristics     = ["cf.colo.id", "ip.src"]
      period              = 60  # counting window, in seconds
      requests_per_period = 100 # request threshold within the window
      mitigation_timeout  = 600 # how long the action applies, in seconds
    }
    expression  = "(http.request.uri.path matches \"^/api/\")"
    description = "My rate limiting rule"
    enabled     = true
  }
}

Create an advanced rate limiting rule

This example creates a rate limiting rule in the zone with ID <ZONE_ID> with:

  • A custom counting expression that includes a response field (http.response.code).
  • A custom JSON response for rate limited requests.

resource "cloudflare_ruleset" "zone_rl_custom_response" {
  zone_id     = "<ZONE_ID>"
  name        = "Advanced rate limiting rule for my zone"
  description = ""
  kind        = "zone"
  phase       = "http_ratelimit"

  rules {
    action = "block"
    action_parameters {
      # Custom response returned to rate limited requests
      response {
        status_code  = 429
        content      = "{\"response\": \"block\"}"
        content_type = "application/json"
      }
    }
    ratelimit {
      characteristics     = ["ip.src", "cf.colo.id"]
      period              = 10
      requests_per_period = 5
      mitigation_timeout  = 30
      # Only requests matching this expression (404 responses) increment the counter
      counting_expression = "(http.host eq \"www.example.com\") and (http.request.uri.path matches \"^/status/\") and (http.response.code eq 404)"
    }
    # Requests matching this expression receive the action once the rate is exceeded
    expression  = "http.host eq \"www.example.com\" and (http.request.uri.path matches \"^/status/\")"
    description = "Rate limit requests to www.example.com when exceeding the threshold of 404 responses on /status/"
    enabled     = true
  }
}
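
The following Python model is an added example, not part of Cloudflare's documentation or code. It runs the advanced rule's parameters over constructed traffic to show which requests are counted and which are blocked. The sliding window and the strictly-greater threshold comparison are modelling assumptions, and the request fields and helper names are hypothetical.

```python
from collections import defaultdict, deque

# Values copied from the zone_rl_custom_response rule above.
PERIOD, REQUESTS_PER_PERIOD, MITIGATION_TIMEOUT = 10, 5, 30  # seconds, count, seconds

def in_scope(req):
    """Rule expression: requests the block action can apply to."""
    return req["host"] == "www.example.com" and req["path"].startswith("/status/")

def is_counted(req):
    """Counting expression: in-scope requests answered with a 404."""
    return in_scope(req) and req["status"] == 404

def simulate(requests):
    """Return 'allow' or 'block' per request; requests must be sorted by time 't'."""
    hits = defaultdict(deque)  # (ip.src, cf.colo.id) -> times of counted requests
    blocked_until = {}         # same key -> time at which mitigation ends
    decisions = []
    for req in requests:
        key, t = (req["ip"], req["colo"]), req["t"]
        if in_scope(req) and t < blocked_until.get(key, 0):
            decisions.append("block")  # served the custom 429 JSON response
            continue
        decisions.append("allow")
        if is_counted(req):
            window = hits[key]
            window.append(t)
            while window[0] <= t - PERIOD:  # assumption: sliding window
                window.popleft()
            if len(window) > REQUESTS_PER_PERIOD:  # assumption: strictly exceeds
                blocked_until[key] = t + MITIGATION_TIMEOUT
                window.clear()
    return decisions

def make_request(t, ip, path, status, host="www.example.com", colo=1):
    return {"t": t, "ip": ip, "colo": colo, "host": host, "path": path, "status": status}

# Constructed traffic (documentation IP ranges), not real logs.
SAMPLE = (
    [make_request(t, "198.51.100.7", f"/status/{t}", 404) for t in range(6)]  # six 404s
    + [make_request(6, "198.51.100.7", "/status/ok", 200),   # in scope during mitigation
       make_request(6, "198.51.100.7", "/home", 200),        # outside the rule expression
       make_request(7, "203.0.113.9", "/status/0", 404),     # different ip.src, own counter
       make_request(36, "198.51.100.7", "/status/ok", 200)]  # mitigation_timeout elapsed
)

if __name__ == "__main__":
    for r, d in zip(SAMPLE, simulate(SAMPLE)):
        print(r["t"], r["ip"], r["path"], r["status"], d)
```

Because the counter depends on the response code, the request that crosses the threshold has already been served. In this model the block starts with the next in-scope request from the same IP and data center.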