Rate limiting rules question

  • Song Simian

    (@song-simian)


    8 years, 1 month ago

    Hi, I want to set my human page views per minute to be low (30 or fewer pages per minute) since I can’t possibly imagine how anyone would just view a new page every 2 seconds.

    However, under the documentation, I read this: “240 per minute is a healthy setting, unless you have many static pages with no AJAX.”

    Why would you set it so high for human visitors–240 pages per minute? Does a single viewing of a page count as 1 out of 240? Can viewing one page generate what Wordfence would consider MORE than 1 page (for example, if loading an image or a plugin on a page can count as 1 request, thereby making some pages count as 10+ requests)?

    I just want to make sure when I set it down 30 pages per minute, it means the person can view up to 30 pages and no more–but neither would he be blocked after viewing fewer than 30 pages. Does that make sense?

    • This topic was modified 8 years, 1 month ago by Song Simian.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Anonymous User 9948090

    (@anonymized-9948090)

    8 years, 1 month ago

    ^^ I have set it to 15. In my opinion, real human will at least wait for 2-3 seconds on a page before going to a new page. Setting 15 is working fine and never blocked any human IP address.

    bluebearmedia

    (@bluebearmedia)

    8 years, 1 month ago

    The problem is that human vs. bot detection is FAR from precise, so if you set it based on presuming it is infallibly determining whether a visitor is a bot or not, you’re going to have a lot of upset human visitors, as well as possibly compromising legit bot traffic, such as Google, yahoo, etc…

    wfalaa

    (@wfalaa)

    8 years, 1 month ago

    Hi Song,
    Ajax requests are counted and those requests are hidden so you get your page loaded once with all these widgets and sliders without even knowing that there was a bunch of ajax requests behind that. Let’s assume one page load equals 5 requests, what about 50 users visiting your website all at the same time? that’s how 240 per minutes is a good figure.

    Also, when it comes to Rate Limiting I suggest using throttling instead of blocking, as it will regulate the traffic to your website till the source (humans/bots) reduces the number of requests below that figure you set in Wordfence rate limiting options.

    Thanks.

    Thread Starter Song Simian

    (@song-simian)

    8 years, 1 month ago

    All these Ajax requests can be seen in the Access Logs, right? Because when I look at my Access Logs, I see almost no Ajax requests. In that case, would 1 page lookup = 1 request? And if I set my human limits to 30 or fewer pages, a person would have to visit a page every 2 seconds to be blocked? My site is Songsimian.com. Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Rate limiting rules question’ is closed to new replies.