Rate-Limit & Abuse Simulator

Simulate traffic patterns and visualize when throttling (429) would happen — compare per-user vs per-IP, export results as CSV, and download charts.

Back to Tools

Set your limit
  • Rate limit = tokens refilled per window (example: 60 per minute).
  • Burst allows temporary extra tokens to absorb spikes (example: 20).
  • Window controls refill speed (per second / minute / hour).
Choose traffic
  • Total requests = how many calls to simulate.
  • RPS = requests per second.
  • Pattern: Steady (normal), Burst (spike), Ramp (gradual increase).
Understand “per-user vs per-IP”
  • Per-user limits each authenticated user separately (best for logged-in APIs).
  • Per-IP limits by IP address (good for anonymous traffic, but harsh behind NAT).
  • Enable Compare per-user vs per-IP to see both outcomes on one run.
Real-world tip: on campus Wi-Fi / companies, many users share one IP → IP-only limits can create “false throttling”.
Run + read charts
  • Click Run simulation.
  • Primary chart shows ALLOW (1) vs 429 (0) over time + cumulative 429.
  • Comparison chart shows which policy blocks more requests.
  • Download charts as PNG for your reports.
Export results
  • Export CSV downloads raw events (time, identity, status, tokens).
  • Use it to reproduce charts or analyze in Excel/Sheets.
  • Copy ready snippets for Django and Nginx from tabs.
Fast “real” test you can try now
Try a typical NAT scenario (campus Wi-Fi):
Limit: 60 / minute
Burst: 10
Total: 600
RPS: 10
Pattern: Steady
Compare: ON
Users: 200
IPs: 2
Primary scope: Per-user
Expected: per-IP blocks much more than per-user
Tip: jump to Charts tab after running.
Extra tokens allowed temporarily (helps absorb spikes).
Controls the main chart & CSV export (comparison shows both).
Per-user spreads requests across users; per-IP spreads across IPs (NAT/proxy makes IP-only limits harsh).
Reset
Export CSV

Result

Charts + preview + configs
Fill the form and click Run simulation to see charts and results.