diff --git a/conf/rate-limiting.conf b/conf/rate-limiting.conf
index f9b43e6ef..d7e80c67d 100644
--- a/conf/rate-limiting.conf
+++ b/conf/rate-limiting.conf
@@ -9,7 +9,7 @@ map $http_authorization $registry_bucket {
 default $http_authorization;
 }
 
-limit_req_zone $proxy_protocol_addr zone=api:10m rate=2r/s;
+limit_req_zone $proxy_protocol_addr zone=verbs:10m rate=2r/s;
 limit_req_zone $registry_bucket zone=repositories:10m rate=2r/s;
 limit_req_status 429;
 limit_req_log_level warn;
diff --git a/conf/server-base.conf b/conf/server-base.conf
index 7e7c987f2..2f03b11b2 100644
--- a/conf/server-base.conf
+++ b/conf/server-base.conf
@@ -26,6 +26,9 @@ location /realtime {
 proxy_request_buffering off;
 }
 
+# At the begining and end of a push/pull, /v1/repositories is hit by the Docker
+# client. By rate-limiting just this endpoint, we can avoid accidentally
+# blocking pulls/pushes for images with many layers.
 location /v1/repositories/ {
 proxy_buffering off;
 
@@ -57,7 +60,7 @@ location /c1/ {
 proxy_pass http://verbs_app_server;
 proxy_temp_path /var/log/nginx/proxy_temp 1 2;
 
- limit_req zone=api burst=10;
+ limit_req zone=verbs burst=10;
 }
 
 location /static/ {
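Review bot: The renamed `verbs` zone in conf/rate-limiting.conf is still keyed on `$proxy_protocol_addr`, which nginx leaves empty unless the connection arrived on a listener with `proxy_protocol` enabled, and `limit_req` does not count requests whose key is empty. The `listen` directives are outside this diff, so this may already hold everywhere, but on any listener without `proxy_protocol` the `limit_req zone=verbs burst=10;` line under `location /c1/` in conf/server-base.conf would silently limit nothing. Recording the dependency next to the zone would make that failure mode visible, for example `# Key is empty (requests are not counted) unless the listener enables proxy_protocol.`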
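Review bot: The comment added above `location /v1/repositories/` reads as if this is the only rate-limited location, yet the last hunk of the same file shows `location /c1/` carrying `limit_req zone=verbs burst=10;`, so "just this endpoint" should be narrowed to the registry endpoints; `begining` is also misspelled. The `limit_req` directive for this location lies outside the hunk, so the comment should name the zone it relies on (presumably `repositories`, to be confirmed). Suggested wording: `# The Docker client hits /v1/repositories at the beginning and end of a push/pull.` followed by `# Limiting only this registry endpoint (zone=repositories), not the per-layer ones,` and `# avoids blocking pulls/pushes of images with many layers.`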