diff --git a/privfrontends/templates/Caddyfile.j2 b/privfrontends/templates/Caddyfile.j2
index 2062d4b..c52cfb9 100644
--- a/privfrontends/templates/Caddyfile.j2
+++ b/privfrontends/templates/Caddyfile.j2
@@ -2,6 +2,7 @@
 	log {
 		output discard
 	}
+	order rate_limit before basicauth
 }
 
 (tor) {
@@ -77,6 +78,12 @@ lbry.{{ server_prefix }}.projectsegfau.lt lbry.projectsegfau.lt {
 nitter.{{ server_prefix }}.projectsegfau.lt nitter.projectsegfau.lt n.psf.lt n.{{ server_prefix }}.psf.lt {
         import def
 		import banips
+		
+	@rlignore {
+		not path /css/* /js/* /fonts/* /browserconfig.xml /android-chrome* /favicon* /logo* /lp.svg /robots.txt /safari* /site.webmanifest /pic/*
+	}
+        rate_limit @rlignore {remote.ip} 2r/s 60000 500
+        rate_limit @rlignore {remote.ip} 30r/m 300000 500
         log {
                 # This is temporarily required to monitor nitter traffic due to scrapers being more active, so we need to monitor and rate limit them at a later date.
                         output file /var/log/caddy/ratelimiters.log
@@ -85,8 +92,10 @@ nitter.{{ server_prefix }}.projectsegfau.lt nitter.projectsegfau.lt n.psf.lt n.{
         header {
                 header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; script-src-attr 'none'; img-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self'; font-src 'self'; object-src 'none'; media-src 'self' blob:; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'"
         }
-        reverse_proxy :8065 {
-			header_up X-Real-IP {remote_host}
+        reverse_proxy :8387 {
+			transport http {
+				compression off
+			}
 		}
 		import torloc nitter
 		import i2ploc pjsfs4ukb6prmfx3qx3a5ef2cpcupkvcrxdh72kqn2rxc2cw4nka.b32.i2p