Rate limit gate
The rate limit gate caps how often a visitor can start a download in a category. It uses a token bucket that refills over time, which lets short bursts through but stops sustained abuse.
Per-category settings
Each category has four rate-limit settings on the category edit page:
| Setting | What it does |
|---|---|
| Guest downloads per hour | Hourly cap for guest visitors. Leave blank to inherit the global default. |
| Guest burst allowance | How many downloads a guest can fire off before the cap kicks in. Leave blank to inherit. |
| Member downloads per hour | Hourly cap for logged-in members. Leave blank to inherit. |
| Member burst allowance | How many downloads a member can fire off before the cap kicks in. Leave blank to inherit. |
A blank value falls through to the global default. A value of 0 explicitly disables rate limiting on this category for that scope.
Global defaults
Blank per-category settings fall back to global defaults set under AdminCP > Setup > Options > [MC] Downloads Manager > Protection:
| Setting | Default | What it does |
|---|---|---|
| Guest download rate limit | 0 | Default hourly cap for guests. |
| Guest burst allowance | 5 | Default burst for guests. |
| Member download rate limit | 0 | Default hourly cap for members. |
| Member burst allowance | 20 | Default burst for members. |
How the limit is keyed
The cap is per visitor, not per download. A logged-in user is keyed by their account; a guest is keyed by IP address. When a user hits their cap, every download in any rate-limited category is paused for them until tokens refill.
Bypass
Grant Bypass rate limit to staff or trusted user groups. Visitors with this permission skip the gate entirely.
What the add-on does when this gate triggers
The request returns HTTP 429 with a "try again in N seconds" challenge page. The token bucket refills on a sliding schedule and the next click is allowed once a token is available. Refreshes during the wait do not reset the timer.
Preview
Previews do not consume rate limit tokens.