diff --git a/roles/float-infra-nginx/templates/config/sites-available/default b/roles/float-infra-nginx/templates/config/sites-available/default
index 94076a9bf99c573236e1a9f50497c17b33489548..c6eea0c696fe65bbaa81b40ad8f5d9f8d91363d2 100644
--- a/roles/float-infra-nginx/templates/config/sites-available/default
+++ b/roles/float-infra-nginx/templates/config/sites-available/default
@@ -22,9 +22,13 @@ server {
         }
 {% endif %}
 
-	if ($top_level_domain_redirect) {
-		return 301 $top_level_domain_redirect$request_uri;
-	}
+        if ($top_level_domain_redirect) {
+                return 301 $top_level_domain_redirect$request_uri;
+        }
+
+        # Global rate limits for the entire site (to protect backends).
+        limit_req zone=perip burst={{ nginx_limit_perip_burst }};
+        limit_req zone=perserver burst={{ nginx_limit_perserver_burst }};
 
         # Redirect everything else to HTTPS.
         location / {
@@ -42,6 +46,10 @@ server {
         root /var/www/html;
         index index.html;
 
+        # Global rate limits for the entire site (to protect backends).
+        limit_req zone=perip burst={{ nginx_limit_perip_burst }};
+        limit_req zone=perserver burst={{ nginx_limit_perserver_burst }};
+
         location /healthcheck {
                  access_log off;
                  return 200 "OK\n";