Rate Limiter Settings

The Rate Limiter settings control the rate of requests sent or received by your Rocket.Chat workspace. These settings can be used to prevent cyber attacks such as DoS (Denial of Service) attacks and to limit web scraping. To access them, go to Administration > Workspace > Settings > Rate Limiter.

Configure API rate limiter

Customize rate-limiting for REST APIs according to your needs.

Field

Description

Enable Rate Limiter

Enable API rate limiter.

Enable Rate Limiter in development

Enable rate limiter for development to limit the number of calls to the endpoints in the development environment.

Default number calls to the rate limiter

Set the default number of calls allowed for each REST API endpoint within the time range defined below.

Default time limit for the rate limiter (in ms)

Enter the time range (in milliseconds) over which the number of calls to each endpoint is limited.

Configure DDP rate limiter

Customize rate-limiting for methods and subscriptions to avoid a high load of WebSocket messages on your workspace. WebSocket is a communication protocol that allows for simultaneous data transmission in one channel.

Field

Description

Limit by IP: enabled

Enable rate limiting by IP. If you enable this option, you can update the following settings:

  • Limit by IP: requests allowed: Set the number of requests allowed.

  • Limit by IP: interval time: Enter the time interval to limit an IP.

Limit by User

Enable DDP rate-limiting by users. If you enable this option, you can update the following settings:

  • Limit by User: requests allowed: Enter the number of requests allowed.

  • Limit by User: interval time: Enter the time interval to limit a user.

Limit by Connection

Enable limiting connection requests. If you enable this option, you can update the following settings:

  • Limit by Connection: requests allowed: Enter the number of connection requests allowed.

  • Limit by Connection: interval time: Enter the time interval to limit connections.

Limit by User per Method

Enable limiting each user's request rate per method. If you enable this option, you can update the following settings:

  • Limit by User per Method: requests allowed: Enter the number of requests allowed.

  • Limit by User per Method: interval time: Enter the time interval to limit a user per method.

Limit by Connection per Method

Enable connection limit per method. If you enable this option, you can update the following settings:

  • Limit by Connection per Method: requests allowed: Enter the number of requests allowed.

  • Limit by Connection per Method: interval time: Enter the time interval to limit connections per method.
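
A simplified model of how the five DDP dimensions above combine, added here as an illustration and not taken from Rocket.Chat's code: each enabled rule keeps its own counter per key, and a call is rejected when any one of them is over its limit. The fixed-window counting, the rule names, the limits and intervals, and the method names `methodA` and `methodB` are assumptions made for the example.

```javascript
// Simplified fixed-window model of the five DDP limit dimensions.
// Added illustration, not Rocket.Chat source; limits and intervals are constructed values.
const RULES = [
  { name: 'ip', key: (r) => r.ip, allowed: 6, intervalMs: 1000 },
  { name: 'user', key: (r) => r.userId, allowed: 4, intervalMs: 1000 },
  { name: 'connection', key: (r) => r.connectionId, allowed: 4, intervalMs: 1000 },
  { name: 'user-per-method', key: (r) => r.userId && `${r.userId}|${r.method}`, allowed: 2, intervalMs: 1000 },
  { name: 'connection-per-method', key: (r) => `${r.connectionId}|${r.method}`, allowed: 2, intervalMs: 1000 },
];

function createLimiter(rules) {
  const counters = new Map(); // "rule:key" -> { windowStart, count }
  return function check(req, now) {
    const blockedBy = [];
    for (const rule of rules) {
      const key = rule.key(req);
      if (key == null) continue; // no userId before login: user rules do not apply
      const id = `${rule.name}:${key}`;
      let c = counters.get(id);
      if (!c || now - c.windowStart >= rule.intervalMs) {
        c = { windowStart: now, count: 0 }; // interval elapsed: start a new window
        counters.set(id, c);
      }
      c.count += 1; // in this model, rejected calls still count against the window
      if (c.count > rule.allowed) blockedBy.push(rule.name);
    }
    return { allowed: blockedBy.length === 0, blockedBy };
  };
}

// Constructed traffic: one user on one IP, spreading calls over two connections.
function simulate() {
  const check = createLimiter(RULES);
  const base = { ip: '203.0.113.7', userId: 'u1' };
  const calls = [
    [0, 'c1', 'methodA'], [100, 'c1', 'methodA'],
    [200, 'c2', 'methodA'], // new connection, same user and method
    [300, 'c2', 'methodB'], [400, 'c2', 'methodB'],
    [1200, 'c1', 'methodA'], // the first interval has elapsed
  ];
  return calls.map(([t, connectionId, method]) => check({ ...base, connectionId, method }, t));
}

console.log(simulate().map((r) => (r.allowed ? 'allow' : `block(${r.blockedBy})`)).join(' '));
```

The third call is rejected by the per-user-per-method rule even though it arrives on a fresh connection, and the fifth by the per-user rule, which is why the connection-based limits alone do not bound a single account that opens several connections.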

Set feature limiting

Setting this up gives your server full protection from email and username enumeration by brute-force attack.

  • Default number calls to the rate limiter for registering a user: Enter the default number of calls allowed for user registration endpoints (REST and real-time APIs) within the time range defined in the API Rate Limiter section.