diff --git a/node_modules/c9/ratelimit.js b/node_modules/c9/ratelimit.js
index 1b045036..a87a8e87 100644
--- a/node_modules/c9/ratelimit.js
+++ b/node_modules/c9/ratelimit.js
@@ -9,6 +9,12 @@ module.exports = ratelimit;
 
 function ratelimit(key, duration, max) {
     var requests = Object.create(null); // in case there handles like 'constructor'
+    var rootKey = "params"; 
+    if (/^req\./.test(key)) {
+        rootKey = null;
+        key = key.replace(/^req\./, "");
+    } 
+    
     setInterval(function() {
         Object.keys(requests).forEach(expireRequests);
     }, Math.min(duration * 0.75, MAX_EXPIRE_INTERVAL));
@@ -38,7 +44,8 @@ function ratelimit(key, duration, max) {
     }
     
     return function(req, res, next) {
-        var handle = resolveValue(req.params, key);
+        var root = rootKey ? req[rootKey] : req;
+        var handle = resolveValue(root, key);
 
         requests[handle] = requests[handle] || [];
         if (requests[handle].length >= max) {
diff --git a/node_modules/c9/ratelimit_test.js b/node_modules/c9/ratelimit_test.js
index 7cff5de9..65d05f34 100644
--- a/node_modules/c9/ratelimit_test.js
+++ b/node_modules/c9/ratelimit_test.js
@@ -33,16 +33,35 @@ describe("ratelimit", function() {
     });
     
     it("Should work with deep keys", function (done) {
-        var limiter = ratelimit("user.id", 10, 1);
+        var limiter = ratelimit("user.id", 100, 1);
         limiter({params: {user: {id: "hey"}}}, null, function (err) {
             assert(!err, err);
             limiter({params: {user: {id: "yay"}}}, null, function (err) {
                 assert(!err, err);
-                done();
+                limiter({params: {user: {id: "hey"}}}, null, function (err) {
+                    assert(err);
+                    assert.equal(err.code, 429);
+                    done();
+                });
             });
         });
     });
     
+    it("Should work with parameters directly on req, if req is specified as the first part of the deep key", function (done) {
+        var limiter = ratelimit("req.user.id", 100, 1);
+        limiter({user: {id: "hey"}}, null, function (err) {
+            assert(!err, err);
+            limiter({user: {id: "yay"}}, null, function (err) {
+                assert(!err, err);
+                limiter({user: {id: "hey"}}, null, function (err) {
+                    assert(err);
+                    assert.equal(err.code, 429);
+                    done();
+                });
+            });
+        });
+    })
+    
     it("Should work again after a delay", function (done) {
         var limiter = ratelimit("username", 10, 1);
         limiter({params: {username: "super"}}, null, function (err) {