Rate limiting controls how many requests researchers can send within a given time window. Applying a policy to your HackGATE site protects your origin server from being overwhelmed — whether by accident during active testing or by a researcher sending an unusually high volume of requests.
Set a rate limiting policy
Rate limiting is configured per site by providing a policy name. The policy name maps to a rate limiter configuration on the proxy — for example, "fixed" applies a fixed-window policy.
curl -X POST https://api-admin.hackgate.io/api/sites/setRateLimiting \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{"id": "SITE_ID", "rateLimit": "fixed"}'
rateLimit value.
Use rate limiting alongside block rules to prevent overload on sensitive endpoints. Block rules stop requests from reaching restricted paths entirely, while rate limiting controls the overall request volume across the site.
Contact support@hckrt.com for information about the rate limiting policy names available on your plan. 
