diff --git a/server/src/index.ts b/server/src/index.ts
index 1720daf8..992a7dcc 100644
--- a/server/src/index.ts
+++ b/server/src/index.ts
@@ -67,12 +67,15 @@ export default class ChatServer {
         this.app.use(express.json({ limit: '1mb' }));
         this.app.use(compression());
 
+
+        const rateLimitWindowMs = process.env.RATE_LIMIT_WINDOW_MS ? parseInt(process.env.RATE_LIMIT_WINDOW_MS, 10) : 15 * 60 * 1000; // 15 minutes
+        const rateLimitMax = process.env.RATE_LIMIT_MAX ? parseInt(process.env.RATE_LIMIT_MAX, 10) : 100; // limit each IP to 100 requests per windowMs
+
         const { default: rateLimit } = await import('express-rate-limit'); // esm
         const limiter = rateLimit({
-            windowMs: 15 * 60 * 1000, // 15 minutes
-            max: 100, // limit each IP to 100 requests per windowMs
+            windowMs: rateLimitWindowMs,
+            max: rateLimitMax,
         });
-
         this.app.use(limiter);
 
         this.app.get('/chatapi/health', (req, res) => new HealthRequestHandler(this, req, res));
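Review bot: The two new `parseInt` lines accept any non-empty string, so a malformed `RATE_LIMIT_WINDOW_MS` or `RATE_LIMIT_MAX` (e.g. `"100ms"`) yields `NaN`, and a value of `"0"` or a negative number also passes straight into `rateLimit({...})`; with `max` as `NaN` or `0` the limiter is effectively switched off rather than failing loudly (express-rate-limit documents `0` as "disable", and `NaN` never satisfies a greater-than check), which is the opposite of the fail-safe behaviour a rate limit should have on a misconfiguration. I would route both values through a small parser that only accepts a finite positive integer and otherwise falls back to the default, ideally logging the fallback so the bad setting is noticed in deployment. Whether the limiter keys on the real client IP when the server sits behind a reverse proxy depends on a `trust proxy` setting that is not visible in this hunk, so I cannot tell from here. The enclosing method (constructor or setup routine of `ChatServer`) starts and ends outside the hunk.

```typescript
        // Accept only a finite positive integer from the environment; anything else
        // (unset, empty, NaN, 0, negative) falls back to the compiled-in default so a
        // typo in deployment config cannot silently disable rate limiting.
        const parsePositiveInt = (raw: string | undefined, fallback: number): number => {
            const value = raw ? parseInt(raw, 10) : NaN;
            return Number.isInteger(value) && value > 0 ? value : fallback;
        };
        const rateLimitWindowMs = parsePositiveInt(process.env.RATE_LIMIT_WINDOW_MS, 15 * 60 * 1000); // 15 minutes
        const rateLimitMax = parsePositiveInt(process.env.RATE_LIMIT_MAX, 100); // limit each IP to 100 requests per windowMs
        // … unchanged: dynamic import of express-rate-limit and limiter setup …
```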