Rate Limiting: Delivering more rules, and greater control

Cloudflare has observed a significant increase in Layer 7 based DDoS attacks over the past six months. These attacks focus on exhausting server resources rather than using large payloads. To combat this, Cloudflare has introduced Rate Limiting, which is proving to be an effective tool for customers to protect their web applications and APIs from various types of attacks such as "low and slow" DDoS attacks, credential stuffing, content scraping, etc. The company has also added new capabilities like the Cloudflare JavaScript Challenge and Google reCaptcha (Challenge) mitigation actions for Pro and Business plans to help customers more accurately identify traffic. Additionally, Rate Limiting is now more dynamically scalable with a feature that allows it to count on Origin Response Headers for Business and Enterprise customers.