---
title: ratelimit.penaltybox_has
summary: null
url: >-
  https://www.fastly.com/documentation/reference/vcl/functions/rate-limiting/ratelimit-penaltybox-has
---

```
BOOL ratelimit.penaltybox_has(ID pb, STRING entry)
```

**Available in:** all subroutines

Check if a user is currently within a penalty box (penalized).

For rate limiting purposes, consider using the `ratelimit.check_rate` and
`ratelimit.check_rates` functions instead, which correctly handle the necessary
details.

## Parameters

`pb` - The penalty box.

`entry` - The entry to keep track of. Typically `client.ip`, and any associated
metadata. An entry can be, at maximum, 256 bytes long.

## Return value

Upon completion, this function returns `true` if the entry exists in the
penalty box (i.e., the client is penalized) or `false` otherwise.

In the event an error occurs, the default return value is `false`; therefore
errors (via `fastly.error`) must be handled specifically.

## Errors

If the given `entry` is longer than 256 bytes, then `false` is returned, and
`fastly.error` is set to `EINVAL`.

## Example

The following example will check if the client making the request exists in the
given penalty box. If so, the service immediately errors and returns 429 to the
client.

```vcl
penaltybox pbox { }

sub vcl_recv {
  if (ratelimit.penaltybox_has(pbox, client.ip)) {
    error 429 "Too many requests";
  }
}
```