diff --git a/.env.production.sample b/.env.production.sample
index efb5661fdd3dc..15746a32df4ae 100644
--- a/.env.production.sample
+++ b/.env.production.sample
@@ -47,6 +47,10 @@ OTP_SECRET=
 VAPID_PRIVATE_KEY=
 VAPID_PUBLIC_KEY=
 
+# Rate limit for the status API
+# STATUS_API_LIMIT=100
+# STATUS_API_PERIOD=20
+
 # Registrations
 # Single user mode will disable registrations and redirect frontpage to the first profile
 # SINGLE_USER_MODE=true
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index 8756b8fbf0e20..98af32196879c 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -53,6 +53,10 @@ def web_request?
 req.ip if req.api_request?
 end
 
+ throttle('throttle_status', limit: (ENV['STATUS_API_LIMIT'] || 100).to_i, period: (ENV['STATUS_API_PERIOD'] || 20).to_i.minutes) do |req|
+ req.authenticated_user_id if req.post? && req.path.start_with?('/api/v1/statuses')
+ end
+
 throttle('throttle_media', limit: 30, period: 30.minutes) do |req|
 req.authenticated_user_id if req.post? && req.path.start_with?('/api/v1/media')
 end
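Review bot: The `throttle('throttle_status', ...)` line turns a set-but-empty or non-numeric `STATUS_API_LIMIT`/`STATUS_API_PERIOD` into 0, because `''.to_i` is 0 and `ENV['X'] || 100` only falls back when the variable is absent; a limit of 0 rejects every authenticated status POST and a 0-minute period gives rack-attack a zero-length window, so a typo in the env file takes the endpoint down instead of failing at boot. Parsing strictly surfaces the misconfiguration when the initializer loads: `limit: Integer(ENV.fetch('STATUS_API_LIMIT', 100)),` and `period: Integer(ENV.fetch('STATUS_API_PERIOD', 20)).minutes`. The `start_with?('/api/v1/statuses')` prefix also charges every POST under that path to the same budget, not only status creation, which is presumably intended but worth a one-line comment on the throttle. The `.env.production.sample` entry should name the unit, e.g. `# STATUS_API_PERIOD=20 # minutes`, since the code multiplies it with `.minutes`. The enclosing `Rack::Attack` class body starts and ends outside the hunk.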