Rate Limiting Configuration in Adobe Commerce Cloud
Rate limiting is an essential feature in Adobe Commerce Cloud that allows you to control and manage the number of requests made to your website or API within a specific time period. By implementing rate limiting, you can prevent abuse, protect your resources, and ensure a smooth user experience.
To configure rate limiting in Adobe Commerce Cloud, follow these steps:
Step 1: Access the Adobe Commerce Cloud Admin Panel
Log in to your Adobe Commerce Cloud Admin Panel using your credentials.
Step 2: Navigate to the Rate Limiting Settings
Once logged in, go to the “Stores” menu and select “Configuration.” In the left-hand menu, click “Advanced” under “System”, then choose “Full Page Cache” and click “Rate limiting” under Fastly Configuration.
Step 3: Configure the Rate Limiting Settings
In the Rate Limiting settings, you can set the maximum number of requests allowed within a defined number of seconds. You can also specify the response code to be returned when the limit is exceeded.
Path Protection
This feature is provided with the following limitations:
- You can only rate-limit specific paths. Paths are defined within the UI using regular expressions.
- Any paths defined as rate-limited WILL NOT be cached by Fastly. Therefore it’s not a good idea to use it to rate limit product, catalog or other cacheable pages.
- The rate limit applies to requests per IP address against the URL paths that have been specified. No other paths are rate limited.
Once the block has been issued by the Magento backend, Fastly will cache the blocking decision for the duration of the time window defined in the Path Protection Rate Limit TTL.
After you have enabled the feature, you will need to click on the Manage Paths button.
In the Manage Paths window, you will need to specify the URL paths that will be rate limited as regular expressions. For example, to rate limit access to https://www.domain.com/paypal/transparent/requestSecureToken you would enter:
^/paypal/transparent/requestSecureToken
This will match any path starting with /paypal/transparent/requestSecureToken, including:
/paypal/transparent/requestSecureToken
/paypal/transparent/requestSecureToken/
/paypal/transparent/requestSecureToken/?something
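A path list can be checked against these limitations before it is saved. The following is an added example, not part of Adobe's or Fastly's tooling: it uses Python's re module as a stand-in for Fastly's regex matching, assumed here to be an unanchored search over the request path and query, as the matches listed above imply. The sample requests, the tightened pattern and the broad pattern are constructed for illustration.

```python
import re

# Constructed sample request targets (path plus query string), each flagged
# with whether the page is normally expected to be served from the Fastly cache.
SAMPLE_REQUESTS = [
    ("/paypal/transparent/requestSecureToken", False),
    ("/paypal/transparent/requestSecureToken/", False),
    ("/paypal/transparent/requestSecureToken/?something", False),
    ("/paypal/transparent/requestSecureTokenStatus", False),  # hypothetical sibling endpoint
    ("/paypal/transparent/response", False),
    ("/catalog/product/view/id/42", True),
    ("/customer/account/loginPost/", False),
    ("/", True),
]

PAGE_PATTERN = r"^/paypal/transparent/requestSecureToken"           # from the article
TIGHT_PATTERN = r"^/paypal/transparent/requestSecureToken(/|\?|$)"  # constructed: stops at a boundary
BROAD_PATTERN = r"^/(customer|catalog)/"                            # constructed: too wide


def audit_paths(patterns, requests=SAMPLE_REQUESTS):
    """For each pattern, list the sample targets it would rate-limit and
    the cacheable ones among them, which would stop being cached."""
    report = {}
    for pattern in patterns:
        rx = re.compile(pattern)
        # search() is unanchored unless the pattern itself uses ^ or $
        hits = [(t, cacheable) for t, cacheable in requests if rx.search(t)]
        report[pattern] = {
            "matched": [t for t, _ in hits],
            "loses_cache": [t for t, cacheable in hits if cacheable],
        }
    return report


if __name__ == "__main__":
    for pattern, result in audit_paths(
        [PAGE_PATTERN, TIGHT_PATTERN, BROAD_PATTERN]
    ).items():
        print(pattern)
        for target in result["matched"]:
            flag = "  <-- cacheable page, would bypass cache" if target in result["loses_cache"] else ""
            print(f"    rate-limited: {target}{flag}")
```

The prefix pattern from the article also catches the longer sibling path, while the boundary-terminated variant does not; the broad pattern shows how a cacheable catalog page ends up in the rate-limited (uncached) set.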
Abusive Crawler Protection
Unlike path protection, Abusive Crawler Protection guards against a single user making an excessive number of requests that hit your Magento backend. By default we set the threshold to 100. After 100 requests in an hour, we’ll start returning a block to the user.
Adjust the settings according to your requirements and click on the “Save Config” button to apply the changes.
It’s important to strike a balance between allowing legitimate traffic and protecting your resources. Experiment with different rate limits to find the optimal configuration for your website or API.
In conclusion, configuring rate limiting in Adobe Commerce Cloud is a crucial step in managing and protecting your resources. By implementing rate limiting, you can prevent abuse and ensure a smooth user experience for your customers.