---
type: reference
---

# User and IP rate limits **(CORE ONLY)**

Rate limiting is a common technique used to improve the security and durability
of a web application. For more details, see
[Rate limits](../../../security/rate_limits.md).

The following limits can be enforced in **Admin Area > Settings > Network > User and
IP rate limits**:

- Unauthenticated requests
- Authenticated API requests
- Authenticated web requests

These limits are disabled by default.

![user-and-ip-rate-limits](img/user_and_ip_rate_limits.png)

<!-- ## Troubleshooting

Include any troubleshooting steps that you can foresee. If you know beforehand what issues
one might have when setting this up, or when something is changed, or on upgrading, it's
important to describe those, too. Think of things that may go wrong and include them here.
This is important to minimize requests for support, and to avoid doc comments with
questions that you know someone might ask.

Each scenario can be a third-level heading, e.g. `### Getting error message X`.
If you have none to add when creating a doc, leave this section in place
but commented out to help encourage others to add to it in the future. -->