Is there a Rate Limiter for serverless functions?

Hi! :slight_smile:

I’m encountering intermittent issues with my serverless function (/handleWebhookResponseGeneration) which receives POSTs from my AWS-hosted service. Could Netlify have rate limiting that’s blocking these requests sometimes? There are maybe max ~200 requests per minute.

Thanks for any insights.

  • We need to know your netlify site name. Example:
    Site ID: f9558776-f0fe-44e5-8340-deca57816cc3

  • Did you try Ask Netlify, our generative AI chatbot, before posting? It pulls info from Support Guides and recent solved forums posts.
    Checked and it seems there might be a rate limiter, though I’m not 100% sure

Do you have an IP that we can check?

There’s a bunch of IPs since the service in AWS is a Lambda function.

We’re still suspecting there’s some kind of rate limiter or firewall or something blocking the requests.

We have Cloudfront in the middle but we’ve added exceptions so it skips handling that endpoint

Here’s one IP address I found:

Also it seems my site is under frequent huge ddos attacks, but it’s probably unrelated to this issue since Cloudflare seems to stop them.

Does this mean you are using Cloudflare in front of Netlify?

If that is the case the Cloudflare is likely the one doing the rate limiting.

I’m pretty confident that Cloudflare isn’t the one rate limiting us because I’ve set it up specifically to keep our endpoint open and accessible.

Also, I’ve had to bring Cloudflare into the mix as a necessity. Netlify was struggling to fend off some pretty intense bot attacks on my site. To give you an idea, here’s how the traffic spiked recently:

So, using Cloudfront on top of Netlify is really my only option to keep the site up and running smoothly, steering clear of those DDoS troubles Netlify can’t quite manage.

Could we take another look to ensure that Netlify isn’t accidentally blocking our webhook calls?

Appreciate your assistance on this!


First you say

Then you say

Are you using Cloudflare or Cloudfront? Or both? If you’re using either (or both) try turning them off. If you still observe the same issues, then you can confidently say it is an issue with Netlify. If the issue disappears then it is whatever service(s) you are using in front of Netlify that are causing the issue.

Ah, Sorry for that. I’m very sleep deprived due to a newborn baby and typoed.

I’m using Clouflare. I can’t turn it off due to the constant ddos attacks

I checked the traffic for your site (for that particular function) over the past 30 days and I don’t see any sudden drop (as would have been the case if we blocked):

Furthermore, I checked the IP you reported and don’t see any blocks for that either. Is there a specific time frame we can check? What’s the error message that you received that made you feel it might be blocked or rate limited?

These are the list of status codes that we served:


Not a single 429.

Thank you! This already helps me a lot in debugging what the reason is.

(I’ve had to change a service provider and it’s been an uphill battle. Trying to figure out what causes the issues. Seems like it’s not Netlify!)

Hi there again : )

My users reported a lot of issues last night. Can you see anything between time frame 9pm and 1am (UTC)?


I don’t see anything. This is the chart for all requests served by the mentioned function from April 9 9PM to April 10 1AM UTC:

We served a 200 status for all. However, I do see some IPs being banned. What kind of issues did your users report?

You see some IPs banned? Can you unban those? That’s been breaking my service for a long time now!

The issue is that the webhook doesn’t receive the response, thus breaking my whole service. And the cause seems to have been the IP bans. Can you remove the bans ASAP? I’ve lost A LOT OF customers the past month due to this.

I don’t want any Rate limiting, IP bans or anything on Netlify’s side. I do rate limiting and IP banning on my own functions PLUS I have Cloudflare taking care of most things on top of this.

Sorry, but this is not-doable. The bans exist for network protections. If a single IP tries to make too many network requests, it is banned.

This is not something that can be configured per site. We actively protect our network based on various factors we consider problematic.

1 Like

Are you absolutely sure? I need to switch off Netlify due to this. I’ve been a happy customer for over a year and this is the thing why I have to leave? Not happy…

Can I pay extra to turn off the IP ban? Any other solutions? I have to close down my whole site due to this

Edit: contacted the support team, this is a very code red situtation and can’t wait for responses anymore

Oh no, the world is ending! :scream:

The fact there are IPs being banned for hammering your service is something you need to solve. First question you need to answer is why are users hammering your site/service and how can your avoid it happening? (Asking for a gaping hole in this platform’s security isn’t the solution.)

Moving to another platform isn’t guaranteed to solve the issue. All platforms/services implement bans on IPs that make more than an appropriate number of requests. That’s how Cloudflare works.

The world is ending for my site and the 400k users.

You didn’t read my message. There are no users hammering the service, it is a service of mine hammering it (50k times a day). This issue is solved on Cloudflare since I have added an exception to this endpoint.

I don’t think we’re banning the webhook or the service. Last I checked, we’re banning your users’ IPs. One of the IPs that I remember checking had Airtel as the service provider. Does that sound like your service that is getting banned?

Only my service is calling this endpoint. And yes, Airtel sounds about right. There are a lot of places where the calls might come from, Airtel being one of them