Available indeliver

Limit the rate at which the response is sent to the client.

Tarpitting is an anti-abuse technique designed for situations in which directly closing the connection isn't appropriate. It can also be used to reduce the churn of opening and closing connections on the server side. By forcing a client to wait for every chunk of the response, a tarpit imposes more cost on a potential bad actor than your origin.

Tarpitting is applied only to responses of 4000 bytes or smaller.


interval_s - How often the response chunks should be written to the network, in seconds.

chunk_size_bytes - The size of the response chunks to send, in bytes. Optional. Defaults to 100 bytes.

Interaction with shielding

If your service uses shielding, you should ensure that you perform tarpitting only at the edge POP, not at the shield, since a POP acting as a shield is handling a request from another Fastly POP, not from an end user client. The variable fastly.ff.visits_this_service can be used to determine whether the current VCL execution is happening on a shield server or not.


The following example will force the client to wait for 5 seconds before emitting each 1000 bytes of the response.

sub vcl_deliver {
if (fastly.ff.visits_this_service == 0 && resp.status == 403) {
resp.tarpit(5, 1000);

Try it out

resp.tarpit is used in the following code examples. Examples apply VCL to real-world use cases and can be deployed as they are, or adapted for your own service. See the full list of code examples for more inspiration.

Click RUN on a sample below to provision a Fastly service, execute the code on Fastly, and see how the function behaves.

Slowing down responses (tarpit)

Force a response to be delivered very slowly to reduce the rate at which an attacker can send requests.