diff --git a/node_modules/connect-architect/connect.session/session-ext.js b/node_modules/connect-architect/connect.session/session-ext.js
index 367125a8..3b8fc9e9 100644
--- a/node_modules/connect-architect/connect.session/session-ext.js
+++ b/node_modules/connect-architect/connect.session/session-ext.js
@@ -1,5 +1,6 @@
 var Session = require("connect").session;
 var assert = require("assert");
+var error = require("http-error");
 module.exports = function startup(options, imports, register) {
@@ -29,6 +30,15 @@ module.exports = function startup(options, imports, register) {
 var sessionRoutes = connectModule();
 connect.useSession(sessionRoutes);
+
+ sessionRoutes.use(
+ function(req, res, next) {
+ if (/^\/geckolala\//.test(req.url))
+ return next(new error.TooManyRequests("Rate limit exceeded"));
+ next();
+ }
+ );
+
+ sessionRoutes.use(Session(sessionOptions, cookie));
 register(null, {
diff --git a/plugins/c9.preview/preview.js b/plugins/c9.preview/preview.js
index 26722efe..657df128 100644
--- a/plugins/c9.preview/preview.js
+++ b/plugins/c9.preview/preview.js
@@ -52,12 +52,7 @@ define(function(require, exports, module) {
 }, [
 requestTimeout(15*60*1000),
 require("./lib/middleware/sanitize-path-param"),
- ratelimit("username", 10 * 1000, 2000),
- function(req, res, next) {
- if (req.params.username === "geckolala")
- return next(new error.TooManyRequests("Rate limit exceeded"));
- next();
- },
+ ratelimit("username", 20 * 1000, 1000),
 handler.getProjectSession(),
 handler.getRole(db),
 handler.getProxyUrl(function() {
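Review bot: The new middleware in the second session-ext.js hunk matches the raw `req.url` with a case-sensitive regex that requires a trailing slash, which is weaker than the `req.params.username === "geckolala"` comparison this commit removes from preview.js, where the value had already passed through `sanitize-path-param`. A request whose path differs in case, has a repeated leading slash or omits the trailing slash would not match and would continue to the `Session(...)` middleware. A tighter test would be `if (/^\/+geckolala(?:[\/?]|$)/i.test(req.url))`, and decoding the path before the comparison would be more robust still. The account name is also hard-coded in a file under `node_modules`, so the block is likely to be lost when the dependency is reinstalled or updated; a comment stating why the block exists and when it can be removed, or moving the value into `options`, would help. The body of `startup` continues outside the hunk.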
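Review bot: The two numeric arguments in `ratelimit("username", 20 * 1000, 1000)` are undocumented and both change at once, so a reader cannot tell from this hunk whether the per-user limit was tightened or loosened. If they are the window in milliseconds and the maximum request count (the signature is not visible here), the change goes from 2000 requests per 10 s to 1000 per 20 s; a comment such as `// per-username limit: at most 1000 requests per 20 s window` would make that explicit. With the inline block removed, it is worth checking whether `error` is still used in preview.js. Blocking for this account now depends on the raw-URL match added in session-ext.js rather than on the sanitized `username` parameter. The middleware array continues outside the hunk.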