Drupal is a registered trademark of Dries Buytaert
drupal 11.3.7 Update released for Drupal core (11.3.7)! drupal 11.2.11 Update released for Drupal core (11.2.11)! drupal 10.6.7 Update released for Drupal core (10.6.7)! drupal 10.5.9 Update released for Drupal core (10.5.9)! cms 2.1.1 Update released for Drupal core (2.1.1)! drupal 11.3.6 Update released for Drupal core (11.3.6)! drupal 10.6.6 Update released for Drupal core (10.6.6)! cms 2.1.0 Update released for Drupal core (2.1.0)! bootstrap 8.x-3.40 Minor update available for theme bootstrap (8.x-3.40). menu_link_attributes 8.x-1.7 Minor update available for module menu_link_attributes (8.x-1.7). eca 3.1.1 Minor update available for module eca (3.1.1). layout_paragraphs 2.1.3 Minor update available for module layout_paragraphs (2.1.3). ai 1.3.3 Minor update available for module ai (1.3.3). ai 1.2.14 Minor update available for module ai (1.2.14). node_revision_delete 2.0.3 Minor update available for module node_revision_delete (2.0.3). moderated_content_bulk_publish 2.0.52 Minor update available for module moderated_content_bulk_publish (2.0.52). klaro 3.0.10 Minor update available for module klaro (3.0.10). klaro 3.0.9 Minor update available for module klaro (3.0.9). layout_paragraphs 2.1.2 Minor update available for module layout_paragraphs (2.1.2). geofield_map 11.1.8 Minor update available for module geofield_map (11.1.8).
← All modules

rate_limits

176 sites Security covered
View on drupal.org

Rate Limits allows you to create configurations to limit access in a given window. It is currently built on top of core's flood service to provide protection against DoS attacks. By limiting the rate that a particular user or a particular IP can access your Drupal site you can prevent these types of attacks.

Usage

In order to configure the rate limits you will need to tag the routes where you want them to apply. You can use the Tagged Routes module to manually tag routes, or you can tag them programmatically in the route configuration like this:

rate_limits.first_test_route1:
  path: '/rate-limits/test1'
  defaults:
    _controller: '\Drupal\rate_limits_test\RateLimitsTestController::handle'
    _title: 'Gen 204'
  no_cache: TRUE
  options:
    tags: ['first_tag', 'second_tag']

Once your routes are tagged you can create a Rate Limit configuration with tags in it. You can create a rate limit by going to /admin/structure/rate_limit_config. When a tagged route is accessed the rate limit configuration that matches those tags is in effect. After the rate limit is exceeded your request will return with a 429 error.


Activity

Total releases
1
First release
Nov 2025
Latest release
5 months ago
Release cadence
Stability
100% stable

Releases

Version Type Release date
2.0.2 Stable Nov 16, 2025