I have a site that serves with Netlify and I want to protect its API endpoint with rate limiting. I see no such a service by Netlify. Please let me know if I’m wrong.
I found Cloudflare provides an API rate limiter. It requires the site to use Cloudflare nameservers. But I need to use Netlify nameservers to serve the site with Netlify, as I understand. How should I setup it right? Thanks!
There isn’t any built in rate limiting feature for static files you’d serve via your site - is your API static? If so, we wouldn’t expect any problem with thousands of requests per minute to it. If there is a backend computing component, you could try to add rate limiting there, but it would be a bit hard to do as you’d have to write it yourself and keep the state around connection velocity (e.g. in the database that the function or remote service accesses).
Re: nameservers, you can host DNS anywhere without problems using Netlify; Cloudflare has some of the best options: [Support Guide] Which are some good DNS providers for ALIAS/ANAME support? . However, most of Cloudflare’s services - including the one you speak of in all likelihood - require a configuration there that is really suboptimal for our service - proxying TO us from them (so they can terminate your connections and apply their security rules to page loads through their service).
This article describes the problems with that configuration, which we can’t stop you from using, but which we cannot provide tech support on:
Take a look and let me know if you have any questions!