The number of connections and requests are limited to ensure that a single user (or bot) cannot overload the whole server.

Request Limits

  • 50 connections / address

  • 50 requests / second / address

  • 150 requests / second (burst)

  • >150 requests / second / address (access limited)

With this configuration, a particular visitor can open up to 50 concurrent connections and issue up to 50 requests / second.

If the visitor issues more than 50 request / second, those requests are delayed and other clients are served first.

If the visitor issues more than 150 request / second, those requests will not processed anymore, but answered with the 503 status code.

Adjust limits

To adjust this limits for special applications such as API calls, set a higher load zone in your Website Level nginx configuration:

# connection limits (e.g. 75 connections)
limit_conn addr 75;

# limit requests / second: (small, medium, large)
limit_req zone=medium burst=500;
limit_req zone=large burst=1500;


To apply the changes reload the nginx configuration with the nginx-reload shortcut.


  • small = 50 requests / second (burst: 150req/sec)

  • medium = 150 requests / second (burst: 500 req/sec)

  • large = 500 requests / second (burst: 1500 req/sec)

Note: the default zone is “small” and will fit most use cases


For details, see the nginx Module ngx_http_limit_req_module documentation.

Limiting User Agents

To avoid overloading caused by search site crawlers, we introduced the ability to limit requests per minute based on the user agent. By default, we limit the bing bot to 60 requests per minute.

These defaults can be overridden in Custom JSON Website Level Configuration, below is an example.

  "limit_useragents_rate": "60",
  "limit_useragents_condition": "~*(mean-bot|bing) $binary_remote_addr;"

The user agent limitation can be completely disabled as follows:

  "limit_useragents_rate": false