Ship access logs. Throttled.IO continuously detects scrapers and bots, and keeps an abuse ban list up to date. Your WAF or firewall polls it on its own schedule. Nothing touches your request path — if we go down, your service stays up.
How it works
The setup is intentionally minimal. You ship logs, Throttled.IO does the analysis, and you consume the ban list from your own infrastructure. Each step is a simple API call — and steps 1 and 3 are entirely under your control.
Zero-dependency enforcement. Because Throttled.IO never proxies your traffic, any outage on our side has no impact on your service. Your firewall keeps running on its last-fetched ban list until we're back — unlike a reverse-proxy or CDN WAF that sits inline.
Forward access logs to Throttled.IO via a single HTTP call — per request or in batches from your load balancer. No agent to install, no SDK to import, no changes to your request pipeline.
POST https://api.throttled.io/logs
Behavioral detectors run continuously against your log stream. Scrapers, brute-force bots, and always-on automation are flagged, enriched with ASN and org data, and added to your ban list — automatically, on every report cycle.
Poll /banlist from your WAF, firewall, or CDN
on whatever cadence your setup needs. Get subnets in JSON or iptables format. Your
stack, your enforcement layer, your schedule.
GET https://api.throttled.io/banlist
Want more control? Define custom detector rules, manage IP/ASN allowlists, inspect traffic dashboards, and simulate ban impact before enforcing. See all capabilities ↓
When you need more control
The core loop is simple by design. But when you want deeper visibility or tighter control, it's all here — custom detector rules, allowlists, traffic dashboards, impact simulation, and automated enforcement.
Integrates via log ingestion only. Never inline, never a risk to your uptime. Deploy safely alongside any existing stack.
Group and analyze traffic by individual IP, subnet prefix, ASN, country, or registry. See the full blast radius at once.
Configurable detectors catch scrapers, brute-force attackers, and always-on bots across custom time windows and endpoint patterns.
Skip the guesswork. Throttled.IO evaluates your traffic baseline — request rates, session lengths, path diversity — and proposes detector rules calibrated to what's actually unusual for your service.
Before banning any subnet or ASN, preview the estimated effect on legitimate traffic to avoid costly false positives.
Residential IPs get abuse-report templates. Hosting providers get ASN/subnet block suggestions. Context-aware, not generic.
Ready-to-send abuse reports for ISP- and residential-originated traffic, with org contacts resolved automatically via RDAP.
Exclude by IP, subnet, ASN, or entire country. Auto-exclude internal ranges, Googlebot, and social preview crawlers. The same list covers trusted sources and false-positive overrides.
Every ban decision is recorded with its reason and timestamp. Full historical auditability out of the box.
Scope detectors to individual hostnames using regex patterns. Each service gets its own independent ban list and detector configuration.
Once you trust a detector's accuracy, flip it to auto-ban. Flagged IPs land in the ban list the moment the report runs — no human step required.
Get notified on Slack or email the moment a new abuse report is generated. Know what's happening without having to log in and check.
Enrichment data
Every IP, ASN, or time window query returns structured intelligence — not just raw addresses.
Pricing
Billed by requests analyzed per month.
No per-seat fees, no hidden add-ons.
Start free — upgrade when your traffic demands it.
Spaceship
We'll scope a plan around your infrastructure.
Early access
Join the waitlist and be first to connect Throttled.IO to your log pipeline. Three API calls. No proxy. No new failure point. Just a continuously updated ban list your firewall can pull at any time.