diff --git a/common/config.py b/common/config.py
index 6aec690..a6c3cb4 100644
--- a/common/config.py
+++ b/common/config.py
@@ -66,6 +66,11 @@ default = {
 "_proxy-desc": "代理配置,HTTP与HTTPS协议需分开配置",
 },
 "security": {
+ "rate_limit": {
+ "global": 0,
+ "ip": 0,
+ "desc": "请求速率限制,global为全局,ip为单个ip,填入的值为至少间隔多久才能进行一次请求,单位:秒,不限制请填为0"
+ }
 "key": {
 "enable": False,
 "_enable-desc": "是否开启请求key,开启后只有请求头中包含key,且值一样时可以访问API",
diff --git a/main.py b/main.py
index a493301..9ca018c 100644
--- a/main.py
+++ b/main.py
@@ -30,6 +30,7 @@ from common import lxsecurity
 from common import Httpx
 from apis import SongURL
 import traceback
+import time
 Httpx.checkcn()
 @app.route('/')
@@ -75,7 +76,21 @@ def check():
 # check ip
 if (config.check_ip_banned(request.remote_addr)):
 return utils.format_dict_json({"code": 1, "msg": "您的IP已被封禁", "data": None}), 403
+ # check global rate limit
+ if (
+ (config.getRequestTime('global') - time.time())
+ <
+ (config.read_config("security.rate_limit.global"))
+ ):
+ return utils.format_dict_json({"code": 5, "msg": "全局限速", "data": None}), 429
+ if (
+ (config.getRequestTime(request.remote_addr) - time.time())
+ <
+ (config.read_config("security.rate_limit.ip"))
+ ):
+ return utils.format_dict_json({"code": 5, "msg": "IP限速", "data": None}), 429
 # update request time
+ config.updateRequestTime('global')
 config.updateRequestTime(request.remote_addr)
 # check host
 if (config.read_config("security.allowed_host.enable")):
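Review bot: In the `common/config.py` hunk the new `"rate_limit"` entry closes with a bare `}` directly before the existing `"key": {` line, so the dict literal is missing a separator and the module will fail to import with a syntax error; the closing line should be `},`. The description key is named `"desc"`, while the neighbouring entries visible here use an underscore-prefixed form (`"_proxy-desc"`, `"_enable-desc"`); `"_desc"` would keep it consistent and keep it clearly apart from the two numeric settings. The `default` dict begins and ends outside this hunk.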
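Review bot: In the `check()` hunk of `main.py` both new comparisons subtract in the wrong order: assuming `config.getRequestTime` returns the timestamp of the last recorded request (its definition is not in this diff), `config.getRequestTime('global') - time.time()` is zero or negative, so it stays below any positive limit indefinitely and, with the default of 0, below 0 on essentially every later request, which answers 429 to all clients. The operands should be swapped, `(time.time() - config.getRequestTime('global'))` and `(time.time() - config.getRequestTime(request.remote_addr))`, and it is worth confirming what `getRequestTime` returns for an address it has never seen. Two design points deserve a comment or a follow-up: the global interval is checked and consumed before the host check below (and, it appears, before any key check), so unauthenticated traffic alone can exhaust it for legitimate callers, and `request.remote_addr` is the proxy's address when the app runs behind a reverse proxy, which would turn the per-IP limit into a second global one. `check()` starts and continues outside this hunk.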