Rate Limit Simulator

Model a traffic pattern against a rate-limit rule and see exactly what Cloudflare would allow, challenge, or block.

Rate limit rule

Requests

Window (sec)

URI path pattern

Method

Action

Counting fingerprint

Header match (optional)

Traffic pattern

req/ssecondslabel

Tip: label a phase “Normal” to have its blocked requests counted as estimated false positives.

Total requests

590

% blocked

83.1%

First block

t=32s

Est. false positives

Peak rate

25/s

Request timeline

total allowed blocked / challenged

What would Cloudflare do?

Cloudflare counts matching requests grouped by client IP. Once a single key exceeds 100 requests per 60s, further matching requests from that key are blocked with HTTP 429 until the rolling window drains.

This rule matches POST requests to paths like “/api/login”. The effective sustainable rate for one key is about 1.7 req/s.

The threshold is first crossed at t=32s. In total, 490 of 590 requests (83.1%) would be blocked with HTTP 429.

⚠ Approximately 60 requests from phases you labelled as normal traffic would be caught — likely false positives. Consider raising the limit or tightening the match criteria.