Protection
Rate Limiting & Deployment Protection
Throttle abusive traffic and gate non-production deployments behind a password — both enforced at the edge before requests reach your app.
Rate limiting
In the dashboardProject → Firewall → Rate Limiting
When enabled, the proxy counts requests and rejects ones that exceed your configured rate with a 429 Too Many Requests.
| Setting | Default | Meaning |
|---|---|---|
| Requests / minute | 1000 | Sustained requests allowed per window |
| Burst | 100 | Extra requests tolerated in a short spike |
| Per IP | On | Count per client IP instead of globally |
Limits apply across all traffic to your deployment. Set them comfortably above your real peak so legitimate users are never throttled.
Deployment protection
In the dashboardProject → Settings → Security
Password-protect a deployment so only people with the password can view it — ideal for staging, previews, or work-in-progress you don't want public or indexed. Visitors are shown a password prompt by the proxy before any content is served.
Combine this with the Firewall trusted-IP rules to allow your office or VPN through without the prompt.