Stop Abusive Requests Instantly with Advanced Rate Limiting




Companies of all sizes leverage Signal Science advanced rate limiting to stop malicious and anomalous high volume web requests and reduce web server and API utilization while allowing legitimate traffic through to application and API endpoints so companies can provide a superior customer experience that scales to meet increasing demand.


“Signal Sciences rate limiting has opened a new dimension into securing our application. It gave us a better understanding of this traffic and where it was coming from.”
– Ashlin Jones, Lead DevOps Engineer
Signal Sciences Advanced Rate Limiting
Signal Sciences rate limiting provides customers with the ability to prevent abusive behavior at the application layer that negatively impacts website and API performance. Rate limiting protects customers’ apps and APIs against:
Built To Work With Your Architecture

Easily Prevent App and API Abuse
Signal Sciences rate limiting stops excessive web requests from negatively impacting application and API performance by identifying and blocking requests that could result in abusive actions. Leveraging our award-winning app and API web protection technology, Signal Sciences rate limiting provides intelligent controls to reduce the number of requests directed at key web application functions.
- Leverage application-specific rules to prevent app and API abuse
- Define granular custom conditions to block abusive requests
- Quickly identify and respond to a real-time list of malicious sources that have been rate limited
- Gain valuable insights into traffic targeting applications or API endpoints
- Reduce infrastructure costs by eliminating unpredictable traffic spikes and attacks
Built To Effectively Stop Web and API Attacks
Signal Sciences makes it easy to create application-specific rate limiting rules. One-click actions enable further control over automated volumetric web requests that attempt abusive actions like:
Excessive Views
of Order Requests
Threat:
Threat actors direct too many requests at an ecommerce app’s view order path in an attempt to enumerate order tokens.
Mitigation:
- Stop high-volume requests to the view order path in a given timeframe
- Block requests from known-bad IP addresses sending additional view order requests
High Volume ‘Add Credit Card’
to Accounts
Threat:
Cyber criminals use third-party websites to verify high volumes of stolen credit card accounts. Valid cards have not been cancelled and can be used to make purchases.
Mitigation:
- Prevent any IP from sending too many requests attempting to add credit cards to accounts or verify credit card endpoints.
- Block requests from IP addresses sending too many failed ‘add credit card’ requests. Failures can be identified via response code or response header.
Content
Scraping
Threat:
Attackers engage in content scraping that overtax your app servers and use resources that could be serving valid content or services to real customers.
Mitigation:
- Block web requests from IPs sending too many requests to valuable content over a given timeframe.