Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). UI Patterns (SDC in Drupal UI) 2.0.18 Minor update available for module ui_patterns (2.0.18). Varbase FAQs 9.2.1 Minor update available for module varbase_faqs (9.2.1). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

Rate Limits

319 sites Security covered
View on drupal.org

This module helps protect your Drupal site from denial-of-service attacks by setting limits on how often users or IP addresses can access specific parts of your site within a given time frame. When these limits are exceeded, users will receive a 429 error.

Rate Limits allows you to create configurations to limit access in a given window. It is currently built on top of core's flood service to provide protection against DoS attacks. By limiting the rate that a particular user or a particular IP can access your Drupal site you can prevent these types of attacks.

Usage

In order to configure the rate limits you will need to tag the routes where you want them to apply. You can use the Tagged Routes module to manually tag routes, or you can tag them programmatically in the route configuration like this:

rate_limits.first_test_route1:
  path: '/rate-limits/test1'
  defaults:
    _controller: '\Drupal\rate_limits_test\RateLimitsTestController::handle'
    _title: 'Gen 204'
  no_cache: TRUE
  options:
    tags: ['first_tag', 'second_tag']

Once your routes are tagged you can create a Rate Limit configuration with tags in it. You can create a rate limit by going to /admin/structure/rate_limit_config. When a tagged route is accessed the rate limit configuration that matches those tags is in effect. After the rate limit is exceeded your request will return with a 429 error.


Activity

Total releases
1
First release
Nov 2025
Latest release
8 months ago
Releases (12 mo)
1 ▲ from 0
Maintenance
Slowing

Releases

Version Type Release date
2.0.2 Stable Nov 16, 2025