Questions about pricing on Vercel Firewall rate limiting

Questions about pricing on Vercel Firewall rate limiting:

  1. The rate limit pricing states $0.5 per 1M allowed requests. Is this applied before or after other filters such as DDOS Mitigation?
  2. If multiple rate limit rules are added, is the $0.5 per 1M pricing applied overall, or to each rate limit rule?

Hi @stephentangcook, welcome to the Vercel Community!

Thanks for posting your question here.

According to the Firewall docs, DDOS mitigation happens before the Web application firewall, as shown in this image:

About DDOS billing, you are only charged for requests before the attack is detected by our system and for any request that doesn’t classify as DDOS. You can learn more here, DDOS and Billing.

About your second question: you charged per 1M requests that go through to your application after applying all the rules (as per the image shared earlier). The pricing is dependent on the region. So, I’d request you to read more on the Usage & Pricing for Vercel WAF docs.

WAF rate limiting now has higher included limits