A single client is not expected to send more than 100 HTTP requests per minute, although by default no action is taken if this threshold is exceeded.

Optionally, a client that exceeds this threshold can be automatically added to a denylist. See Client Denylisting for more information.

If client denylisting is enabled, you might need to configure request counting thresholds.

You can adjust the maximum number of served HTTP requests per client by adding the following property to the locked.properties file:

requestTallyThreshold = max_served_requests_in_30_seconds

Example:

requestTallyThreshold = 100

You can adjust the maximum number of failed HTTP requests per client by adding the following property to the locked.properties file:

 tarPitGraceThreshold = max_failed_requests_in_30_seconds

Example:

 tarPitGraceThreshold = 5