A rate limiting module receives a first request at a first time that comprises a first tag associated with a first attribute and a second tag associated with a second attribute. A second request is received at a second time that occurs after the first time that includes the first tag and the second tag. Responsive to determining that the second request violates a first rate limit for the first attribute, the rate limiting module rejects the second request. A third request is received at a third time that occurs after the second time that includes the first tag and the second tag. The rate limiting module determines that the third request violates a second rate limit for the second attribute, determines that the second rate limit is to be bypassed, and forwards the third request.