skip to Main Content

Stop Abusive Requests Instantly with Advanced Rate Limiting

Protect
999 %
of customers in full blocking mode IN PRODUCTION
Smile
999 /5
OF CUSTOMERS WHO TRY US, BUY US
Production Requests Protected
999 +
TRILLION WEB REQUESTS INSPECTED MONTHLY
Stopwatch
< 999
MINUTES OR LESS DEPLOYMENT TIME

Companies of all sizes leverage Signal Science advanced rate limiting to stop malicious and anomalous high volume web requests and reduce web server and API utilization while allowing legitimate traffic through to application and API endpoints so companies can provide a superior customer experience that scales to meet increasing demand.

Bloomation

“Signal Sciences rate limiting has opened a new dimension into securing our application. It gave us a better understanding of this traffic and where it was coming from.”

Ashlin Jones
Ashlin Jones, Lead DevOps Engineer

Signal Sciences Advanced Rate Limiting

Signal Sciences rate limiting provides customers with the ability to prevent abusive behavior at the application layer that negatively impacts website and API performance. Rate limiting protects customers’ apps and APIs against:

Rate BulletBrute force attacks

Rate BulletApplication & API denial of service

Rate BulletMalicious high volume scripts

Rate BulletContent scraping

Rate BulletSpamming and fraudulent account creation

Rate BulletGift card, credit card enumeration

Built To Work With Your Architecture

protect apps at scale
Architecture Overview

Architecture Overview

Our hybrid SaaS architecture couples fast local decisions for optimal performance with the power of cloud for enriched intelligence and accuracy

Request a Demo

Smart Web Security Protection

Take the next step toward better security visibility and protection for your applications, and schedule a free demo with a Signal Sciences specialist.

Easily Prevent App and API Abuse

Signal Sciences rate limiting stops excessive web requests from negatively impacting application and API performance by identifying and blocking requests that could result in abusive actions. Leveraging our award-winning app and API web protection technology, Signal Sciences rate limiting provides intelligent controls to reduce the number of requests directed at key web application functions.

  • Leverage application-specific rules to prevent app and API abuse
  • Define granular custom conditions to block abusive requests
  • Quickly identify and respond to a real-time list of malicious sources that have been rate limited
  • Gain valuable insights into traffic targeting applications or API endpoints
  • Reduce infrastructure costs by eliminating unpredictable traffic spikes and attacks

Trusted by the World’s Top Companies

Datadog logo
Asurion
Betterment
Under Armour logo
ActBlue

Built To Effectively Stop Web and API  Attacks

Signal Sciences makes it easy to create application-specific rate limiting rules. One-click actions enable further control over automated volumetric web requests that attempt abusive actions like:

Excessive Views
of Order Requests

Threat: 

Threat actors direct too many requests at an ecommerce app’s view order path in an attempt to enumerate order tokens.

Mitigation:

  • Stop high-volume requests to the view order path in a given timeframe
  • Block requests from known-bad IP addresses sending additional view order requests

High Volume ‘Add Credit Card’
to Accounts

Threat: 

Cyber criminals use third-party websites to verify high volumes of stolen credit card accounts. Valid cards have not been cancelled and can be used to make purchases.

Mitigation:

  • Prevent any IP from sending too many requests attempting to add credit cards to accounts or verify credit card endpoints.
  • Block requests from IP addresses sending too many failed ‘add credit card’ requests. Failures can be identified via response code or response header.

Content
Scraping

Threat: 

Attackers engage in content scraping that overtax your app servers and use resources that could be serving valid content or services to real customers.

Mitigation:

  • Block web requests from IPs sending too many requests to valuable content over a given timeframe.
Back To Top