# Rate Limiting

> Configure rate limiting to protect your Chatwoot installation from abuse

To protect the system from abusive requests, Chatwoot uses the [`rack_attack`](https://github.com/rack/rack-attack) gem.
You can customize the configuration to suit your needs by updating [`config/initializers/rack_attack.rb`](https://github.com/chatwoot/chatwoot/blob/develop/config/initializers/rack_attack.rb).

## Default Rate Limits

* Chatwoot throttles requests by IP at `60rpm`, unless the request is from an allowed IP `['127.0.0.1', '::1']`.
* Signup Requests are limited by IP at `5 requests` per `5 minutes`.
* SignIn Requests are limited by IP at `5 requests` per `20 seconds`.
* SignIn Requests are limited by email address at `20 requests` per `5 minutes` for a specific email.
* Reset Password Requests are limited at `5 requests` per `1 hour` for a specific email.
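
The two sign-in limits cover different cases: the per-IP limit applies when one client tries many accounts, and the per-email limit applies when many clients try one account. The Ruby model below is an added example, not Chatwoot's `rack_attack.rb`; it assumes simplified fixed-window counting, uses hypothetical rule names, and runs on constructed traffic.

```ruby
# Simplified fixed-window throttle model (added example, not Chatwoot's code).
# Rule names are hypothetical; limits and periods are the defaults listed above.
Rule = Struct.new(:name, :limit, :period, :key)

SIGN_IN_RULES = [
  Rule.new('sign_in/ip', 5, 20, ->(req) { req[:ip] }),
  Rule.new('sign_in/email', 20, 300, ->(req) { req[:email].to_s.strip.downcase })
].freeze

class ThrottleModel
  def initialize(rules)
    @rules = rules
    @counters = Hash.new(0)
  end

  # Counts the request against every rule; returns names of exceeded rules.
  def check(req, now)
    exceeded = @rules.select do |rule|
      id = rule.key.call(req)
      next false if id.nil? || id.empty?
      window = now / rule.period # index of the current fixed window
      (@counters[[rule.name, window, id]] += 1) > rule.limit
    end
    exceeded.map(&:name)
  end
end

T0 = 6_000 # constructed epoch second, aligned to both window sizes

# Constructed traffic: one address tried from 25 different IPs, one per second.
def many_ips_one_email
  model = ThrottleModel.new(SIGN_IN_RULES)
  (1..25).map do |i|
    model.check({ ip: "203.0.113.#{i}", email: 'agent@example.com' }, T0 + i - 1)
  end
end

# Constructed traffic: one IP trying 8 different addresses within 8 seconds.
def one_ip_many_emails
  model = ThrottleModel.new(SIGN_IN_RULES)
  (1..8).map do |i|
    model.check({ ip: '198.51.100.7', email: "user#{i}@example.com" }, T0 + i - 1)
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "per-email rule fires from request #{many_ips_one_email.index(&:any?) + 1}"
  puts "per-IP rule fires from request #{one_ip_many_emails.index(&:any?) + 1}"
end
```

An empty array from `check` means the request is allowed; a non-empty one names the limit that would reject it.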

## Attachment Restrictions

* `Contact/Inbox Avatar` attachment file types are limited to jpeg, gif and png.
* `Contact/Inbox Avatar` attachment file size is limited to 15MB.
* `Website Channel` message attachments are limited to the types `['image/png', 'image/jpeg', 'image/gif', 'image/bmp', 'image/tiff', 'application/pdf', 'audio/mpeg', 'video/mp4', 'audio/ogg', 'text/csv']`.
* `Website Channel` message attachments are limited to 40MB in size.

## Disabling Rack attack on your instance

You can control the behaviour of rack attack in your instance via the following environment variables.

```bash
## Rack Attack configuration
## To prevent and throttle abusive requests.
# Disable if you are getting too many request errors for custom use cases
# ENABLE_RACK_ATTACK=true
# Control the allowed number of requests
# RACK_ATTACK_LIMIT=300
# Control whether you want to enable rack attack for widget APIs
# ENABLE_RACK_ATTACK_WIDGET_API=true
```
