Rate Limiting

By default, Servd will activate rate limiting on your project when it is first created. This is to prevent individual users from being able to flood your project with requests in order to use up all of its resources and stop it from functioning as expected.

All of Servd's rate limiting is only applied to requests which are forwarded to PHP. Requests for static files which are handled by Nginx alone are not rate limited.

If you hit the rate limit you will begin to see requests returned with the 429 HTTP status code.

Our rate limits are made up of two values:

  1. Requests Per Second - The maximum number of requests per second that an individual user is allowed to send to PHP.
  2. Burst - A buffer which can allow additional requests to be sent in a short burst, whilst still abiding by the overall rate limit.

Our default rate limit is 5 requests per second with a 10 request burst. This means that a user can send 15 requests within one second before they are rate limited (5 + 10 from the buffer), but this will use up their total quota for 3 seconds worth of requests, so they'll be subsequently rate limited for that length of time.

We detect requests from individual users by matching against their IP address. We make every effort to accurately detect the end-user's IP address and ignore any trusted proxy servers such as CloudFlare and other CDNs. However our coverage of these services will not be complete.

If you are using a less-popular CDN you might encounter rate limiting due to all end-user requests passing through a CDN IP address which we don't recognise. If this happens you can disable rate limiting from the Servd dashboard and then let us know so that we can consider adding the CDN to our list of trusted proxies.

Updating Your Rate Limit Settings #

  1. Select your project in the Servd dashboard.

  2. Navigate to your project's Access Control page.

  3. Select an appropriate rate limiting value from the options provided.

  4. Save and Sync