diff --git a/docker/config/nginx/nginx.conf b/docker/config/nginx/nginx.conf
index 1a4ef0c3b..62d822f5c 100644
--- a/docker/config/nginx/nginx.conf
+++ b/docker/config/nginx/nginx.conf
@@ -51,15 +51,17 @@ http {
 
     # ----------------------------------------------------------------
     # Rate limiting zones (effective once real_ip is resolved).
-    # sapl_general : 90 req/min  — HTML pages (burst absorbs parallel assets)
-    # sapl_media   : 180 req/min — /media/ has its own bucket; doesn't drain general
-    # sapl_api     : 60 req/min  — API quota layer is the real binding constraint
+    # sapl_general : 120 req/min — aligned with Django anon rate (RATE_LIMITER_RATE)
+    # sapl_media   : 240 req/min — aligned with Django auth rate (RATE_LIMITER_RATE_AUTHENTICATED)
+    # sapl_api     : 120 req/min — aligned with Django rate limiter threshold
     # sapl_heavy   : 10 req/min  — PDF generation; slow by design
     # Burst values are env-var configurable at container start (start.sh).
     # ----------------------------------------------------------------
-    limit_req_zone $binary_remote_addr zone=sapl_general:20m rate=90r/m;
-    limit_req_zone $binary_remote_addr zone=sapl_media:20m   rate=180r/m;
-    limit_req_zone $binary_remote_addr zone=sapl_api:20m     rate=60r/m;
+    limit_req_log_level warn;
+
+    limit_req_zone $binary_remote_addr zone=sapl_general:20m rate=120r/m;
+    limit_req_zone $binary_remote_addr zone=sapl_media:20m   rate=240r/m;
+    limit_req_zone $binary_remote_addr zone=sapl_api:20m     rate=120r/m;
     limit_req_zone $binary_remote_addr zone=sapl_heavy:10m   rate=10r/m;
 
     # ----------------------------------------------------------------