Proxies are sold with rules. Providers cap what you can do to keep pools healthy and costs predictable. This page explains the limits you’ll actually encounter, how they’re measured, and how to size a plan so your bots keep running. For where these limits sit in the bigger stack of types, gateways, and routing families, see our starter guide to proxy services.
What “usage limits” usually include
Providers enforce limits on concurrent connections, traffic accounting, target access, port availability, and control-panel/API requests. These limits protect the network and shape pricing.
Beyond hard caps, many vendors add soft “fair-use” rules, slow-mode penalties, and temporary bans when abuse spikes. Read the ToS, not only the price card.
How providers count your usage
Most count per active TCP sessions and bytes transferred; some include UDP when supported. Traffic may be metered egress-only or both ways, which doubles the recorded volume.
Metering is done at the gateway, so your local counters can differ. Rely on the vendor dashboard or billing API for the authoritative numbers.
Limited concurrent connections
Concurrent connection limits set the maximum simultaneous TCP sessions across your package. Exceeding the ceiling causes resets, 5xx from the gateway, or throttling.
Concurrency is how providers stop uncontrolled sharing and contain bursty loads. It is often tied to package size, not IP count alone. For package-level patterns and sizing tips, see Limited concurrent connections.
Blocked websites and apps
Vendors maintain denylists for destinations that generate complaints, legal risk, or disproportionate abuse. If a site or app is on the blocklist, requests are dropped or rewritten.
Blocklists change. Expect blocks on email providers, streaming, certain social platforms, ticketing, sneaker sites, and payment Checkouts. For common patterns and workarounds inside the rules, see Blocked websites & apps.
Blocked ports
Traffic is typically allowed only on a safe subset of outbound ports. SMTP, P2P, and high-risk ports are commonly closed.
Port rules differ by network type and region. If your tool needs a non-standard port, confirm it before buying. For typical allowlists and the usual no-go ports, see Blocked ports.
Bandwidth accounting models
Some plans charge by data, others are “unmetered” but still policed by fair-use. Accounting models impact automation design.
Egress-only counts bytes from proxy to destination. Ingress+egress counts both directions. With chatty protocols, the latter can bill roughly 2x compared to egress-only for the same task.
Fair-use, slow mode, and penalties
Fair-use clauses allow providers to throttle or isolate noisy customers without changing the advertised plan. Hitting hidden tripwires often moves your account into slow mode.
Slow mode typically means lower per-IP concurrency, longer keep-alive timeouts, or rate-limited gateway tokens. Repeat violations escalate to temporary suspension or pool rotation changes.
Dashboard and API rate limits
Control panels and APIs often have their own caps on key actions like refreshing IP lists, rotating credentials, or regenerating endpoints.
Expect minute-level quotas, burst windows, or “1 refresh per X days” on static lists. Build tooling that retries with backoff and surfaces quota errors clearly to operators.
How limits interact with pricing models
Pricing reflects enforcement. Tight concurrency with “unlimited bandwidth” indicates the plan is sold for steady, not bursty, loads. Per-GB plans usually allow higher concurrency but punish wasteful retries.
Match your plan to your real concurrency and rotation pattern. Overbuying IP count won’t help if the package hard-caps sessions at the gateway.
What actually happens when you hit a limit
You will see connection resets, proxy 407/429/5xx responses, or target-side 4xx after risk systems react. In dashboards, look for spikes in refused sessions or quota counters hitting 100%.
Do not rely on ICMP latency to diagnose usage issues. Test with real HTTP/HTTPS requests or your target app, since gateways meter and filter at the L4/L7 layers.
Capacity planning checklist
State your needs in numbers, not adjectives. Write them into your runbooks and tickets.
- Peak and sustained concurrency per bot and in total
- Expected requests per minute and average response size
- Rotation pattern (time-based or per-request) and stickiness needs
- Required outbound ports and any UDP/QUIC requirements
- Frequency of IP list refreshes or credential rotations
- Known blocked targets you must avoid by policy
Typical limits you’ll encounter (quick reference)
| Limit type | What it controls | How it is measured | Common symptoms when exceeded |
| Concurrent connections | Active TCP sessions | Gateway session counter | Resets, 5xx, 429, stalled dials |
| Bandwidth cap | Data transfer allowance | GB egress or in+out | Throttle, overage fees, suspension |
| Blocked targets | Specific domains/apps | Denylist at gateway | Immediate block, NXDOMAIN-style responses, 403 |
| Blocked ports | Outbound port set | Port allowlist | Connect timeout or reject |
| API/dashboard | Refreshes, token ops | Requests per window | 429 from API, disabled buttons |
| Fair-use | Burstiness/abuse | Heuristics | Slow mode, stickiness forced, IPs rotated away |
Terms you will see in ToS
- Concurrent sessions: total simultaneous connections across your plan.
- Thread limit: often used interchangeably with concurrency in proxy marketing.
- Keep-alive timeout: how long an idle connection can stay open.
- Sticky session: keeps an egress IP for a defined time or request count.
- Refresh quota: how often you can regenerate a static list or credentials.
Monitoring and alerting
Track gateway error codes, refused session counts, and quota meters. Alert on 429/5xx increases, not just target-side errors.
Export vendor metrics if available. If not, sample logs at the gateway client and approximate active sessions to correlate with failure spikes.
FAQs
Do “unlimited bandwidth” plans still have limits?
Yes. They usually cap concurrency, impose fair-use, and may throttle heavy users to keep costs under control.
Why do some targets work in tests but fail in production?
Blocklists, port rules, and risk systems can differ by region or ASN. Your production path can hit rules your test path didn’t.
Is UDP or QUIC counted against limits?
If the provider supports it, sessions and bytes are usually metered similarly to TCP. Confirm per network type.
Can I bypass a blocked site by switching IPs faster?
No. If a destination is on the provider’s denylist, requests are filtered regardless of IP rotation.
Why is my “latency” fine but requests fail at scale?
ICMP ping is irrelevant to L4/L7 limits. Measure real HTTP/HTTPS success rates and concurrent session usage.