diff --git a/conf/nginx/rate-limiting.conf b/conf/nginx/rate-limiting.conf
index f5c3117f7..9521f9a82 100644
--- a/conf/nginx/rate-limiting.conf
+++ b/conf/nginx/rate-limiting.conf
@@ -8,7 +8,9 @@ map $http_authorization $registry_bucket {
 }
 
 limit_req_zone $proxy_protocol_addr zone=verbs:10m rate=1r/s;
+limit_req_zone $registry_bucket zone=api:10m rate=1r/s;
 limit_req_zone $registry_bucket zone=repositories:10m rate=1r/s;
-limit_req_zone $registry_bucket zone=catalog:10m rate=10r/m;
+limit_req_zone $registry_bucket zone=catalog:10m rate=20r/m;
+limit_req_zone $registry_bucket zone=registry:10m rate=10r/s;
 limit_req_status 429;
 limit_req_log_level warn;
diff --git a/conf/nginx/server-base.conf.jnj b/conf/nginx/server-base.conf.jnj
index 84af02d6f..803861007 100644
--- a/conf/nginx/server-base.conf.jnj
+++ b/conf/nginx/server-base.conf.jnj
@@ -49,7 +49,6 @@ location ~ ^/_storage_proxy/([^/]+)/([^/]+)/([^/]+)/(.+) {
     proxy_read_timeout 60s;
 }
 
-
 location = /_storage_proxy_auth {
     proxy_pass http://web_app_server;
     proxy_pass_request_body off;
@@ -78,7 +77,7 @@ location ~ ^/(v1/repositories|v2/auth)/ {
 location ~ ^/v2/_catalog(.*)$ {
     proxy_pass http://registry_app_server;
     proxy_read_timeout 10;
-    limit_req zone=catalog;
+    limit_req zone=catalog burst=5;
 }
 
 location /secscan/ {
@@ -105,6 +104,11 @@ location ~ ^/cnr {
     limit_req zone=repositories burst=10;
 }
 
+location ~ ^/api {
+    proxy_pass   http://web_app_server;
+    limit_req zone=api burst=5;
+}
+
 location ~ ^/api/suconfig {
     proxy_pass   http://web_app_server;
 
@@ -140,6 +144,8 @@ location ~ ^/v2 {
     proxy_temp_path /tmp 1 2;
 
     client_max_body_size {{ maximum_layer_size }};
+
+    limit_req zone=registry burst=100;
 }
 
 location ~ ^/v1 {
@@ -158,6 +164,8 @@ location ~ ^/v1 {
     proxy_temp_path /tmp 1 2;
 
     client_max_body_size {{ maximum_layer_size }};
+
+    limit_req zone=registry burst=100;
 }
 
 location /v1/_ping {