Vercel WAF rate limiting now generally available

Authors

Vercel Web Application Firewall (WAF) rate limiting is now generally available, giving you precise control over request volumes to your applications.

With over 15 parameters, including target path, headers, method, and cookies, you can define the business logic for rate limiting. Then, apply a rate-limiting algorithm tied to IP, JA4 digest, headers, or user agent to control the frequency of matching traffic within your set limits.

When paired with persistent actions, rate limiting can help reduce resource abuse across Edge Requests, Middleware, Data Transfer, and Function execution.

Rate limiting with a fixed-window algorithm is available today for Pro customers, with an additional token-bucket algorithm available to Enterprise customers. Pricing for rate limiting is regional starting at $.50 per 1 million allowed requests.

Add rate limiting using a template or read the rate limiting documentation to learn more.