diff --git a/roles/archweb/templates/nginx.d.conf.j2 b/roles/archweb/templates/nginx.d.conf.j2
index d23c418e2ecf68fd0010ad99822db19f36a1b2eb..a3b6993a7f2f4de69c6a03efcda598a5c0c4834f 100644
--- a/roles/archweb/templates/nginx.d.conf.j2
+++ b/roles/archweb/templates/nginx.d.conf.j2
@@ -1,8 +1,11 @@
 # limit rss requests to 1 r/m
 limit_req_zone $binary_remote_addr zone=rsslimit:8m rate=1r/m;
 
-# limit general requests to 20 r/s to block DoS attempts.
-limit_req_zone $binary_remote_addr zone=archweblimit:10m rate=20r/s;
+# limit mirrors/status/json requests to 1 r/m
+limit_req_zone $binary_remote_addr zone=mirrorstatuslimit:8m rate=1r/m;
+
+# limit general requests to 10 r/s to block DoS attempts.
+limit_req_zone $binary_remote_addr zone=archweblimit:10m rate=10r/s;
 
 limit_req_status 429;
 
@@ -191,6 +194,19 @@ server {
         limit_req zone=rsslimit burst=10 nodelay;
     }
 
+    # Rate limit mirror status json endpoint
+    location /mirrors/status/json {
+        include uwsgi_params;
+        uwsgi_pass archweb;
+
+        uwsgi_cache archwebcache;
+        uwsgi_cache_revalidate on;
+        uwsgi_cache_key $cache_key;
+        add_header X-Cache-Status $upstream_cache_status;
+
+        limit_req zone=mirrorstatuslimit burst=10 nodelay;
+    }
+
     # Temporary redirects
     location /people/trusted-user-fellows/ {
         return 301 /people/package-maintainer-fellows/;