Should we log clients exceeding rate limit? strategies to manage rate limit

“Does Netlify recommend logging the activity of clients who exceed the rate limit on my website? If so, what strategies or tools does Netlify provide for logging and analyzing client activity, and how can I use this information to improve performance and user experience? Additionally, is there an official library or package recommended by Netlify for implementing rate limit on my website hosted on their platform? I would like to know if there is any tool or feature in Netlify that allows me to monitor traffic and user activity on my website, if Netlify provides any strategy or recommendation for controlling and disconnecting unusual or malicious traffic on my website, and if there is any notification system that Netlify offers in case of exceeding the rate limit or making too many requests on my website. I would appreciate any advice or recommendation that can be provided to ensure that my website on Netlify is secure, functioning optimally, and provides the best possible user experience.”

Hi @gabrieldevallan :wave:t6: ,

I think it would be a good idea to track the activity of clients who exceed the rate limit on your sites., especially to reduce the likelihood of abuse or unwanted traffic.

We have a built-in analytics that you can use for monitoring the activity:

Overall, I’d encourage you to review your site’s logs and analytics and implement the security measures you need as you see fit. I hope these tools can provided you the needed information. Best of luck.

We have been conducting tests on our Netlify application to verify if the speed limit we have implemented is working correctly. However, we have discovered that despite adding Auth0 authentication and authorization header to our API requests, we can still exceed the rate limit we have set. Therefore, we would like to request your assistance in fixing this issue and ensuring that the speed limit is working correctly.

We have reviewed the Netlify documentation on API request rate limiting (Get started with the Netlify API | Netlify Docs), but we are still unsure of what could be causing this issue. Could you please provide us with more information on possible causes and how we can fix it?

We appreciate any additional help you can provide to resolve this issue and ensure that our speed limit is working correctly, or if you need to enable this feature to our site. Thank you for your time and effort on this matter.

Feel free to log it as long as it fits the privacy policy requirement of your application - Netlify is not going to stop you from adding your own logs.

That’s a very broad question and not something Netlify can directly help you with. On the Enterprise plan, Netlify provides Log Drains that can help you see your site’s access logs in the tool of your choice, but analysing those longs and extracting meaningful conclusion would be something that you need to handle. Improving your app’s user experience is not something we can help with.


Mentioned above

None as this cannot be the same for all sites, you need to make the decisions for your site. We don’t know what or how much is unusual or malicious for your site.

None. The rate limiters we have in place would not be notifying you if/when we block traffic to your site.

Another very broad question. We don’t know your site or your app’s requirements, its user base, the technologies you’re using or anything of that sort. We cannot help you make your site highly secure and optimal - that’s beyond our scope. We can only help with Netlify features. For example, for security, if you’re unable to get a SSL for your site on Netlify, we can help with that. For optimum performance, if your site is loading very slowly, we can try to figure out the cause of that. But, we cannot offer a magic bullet solution for any of your mentioned concerns/problems.

Where are those rate limits set? On Netlify, or Auth0? How are those implemented?

That’s Netlify API, which has nothing to do with your site browsing or the Auth0 authentication on your site.