Stratus Security Guides - Traffic Limits

Webscale STRATUS is a multi-tenant architecture using micro-services to provide the ideal hosting environment for Magento.

Certain services are restricted in terms of how much CPU and memory they can use to prevent memory leaks and other issues from affecting your site.  Services that need fluid limits, like PHP, are handled differently.

The Redis, memcache, Nginx and Elasticsearch services all have lower memory limits with less than 4GB as a maximum. A majority of stores do not exceed them and our team can adjust them if needed.

Varnish malloc is set to 1GB, and Varnish generally only has 1 GB of memory associated with it, assuming it can use it all. Static caching is disabled by default in the Magento 2 VCL: only FPC information is stored in Varnish while CloudFront is used for static asset caching.

PHP-FPM scales horizontally and is restricted to 50% of the CPU available on a physical node, and when autoscaling is enabled, it expands horizontally based on the CPU utilization.

Rate limits

We have several rate limits and other blocks in place on Webscale STRATUS to prevent malicious attacks against customers’ stores.

For security purposes, the exact limits are not available publicly.

Limited URLs

URLs containing, but not limited to, these phrases are rate limited:

  • catalogsearch

User Agents

User agents containing, but not limited to, these strings are blocked. These blocks are controlled in the [Access > Block Bots][1] panel of your Webscale STRATUS Admin panel.

  • yandex
  • baidu
  • megaindex
  • ru_bot
  • dotbot
  • ahrefs
  • mj12


You may select what countries to block or unblock in the [Access > Block Countries][2] section of your Webscale STRATUS Admin panel.

Plan API Rate Limits

Our plans have specific limits for the API endpoints on Magento 1 and 2.

  • Starter — 2 requests/second

  • Pro — 25 requests/second

  • Pro-Plus — 25 requests/second

  • Pro-Elite — 30 requests/second

  • Growth — 35 requests/second

  • Scale — 50 requests/second

  • Enterprise –— 75 requests/second

  • Custom — 100+ requests/second

Last modified January 1, 0001