diff --git a/lib/Controller/ProxyController.php b/lib/Controller/ProxyController.php
index cf17ed9569..eb00b39c1a 100644
--- a/lib/Controller/ProxyController.php
+++ b/lib/Controller/ProxyController.php
@@ -29,6 +29,7 @@
 use Exception;
 use OCA\Mail\Http\ProxyDownloadResponse;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\UserRateLimit;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\Http\Client\IClientService;
 use OCP\IRequest;
@@ -93,6 +94,7 @@ public function redirect(string $src): TemplateResponse {
 	/**
 	 * @NoAdminRequired
 	 * @NoCSRFRequired
+	 * @UserRateThrottle(limit=50, period=60)
 	 *
 	 * @param string $src
 	 *
@@ -102,6 +104,7 @@ public function redirect(string $src): TemplateResponse {
 	 *
 	 * @return ProxyDownloadResponse
 	 */
+	#[UserRateLimit(limit: 50, period: 60)]
 	public function proxy(string $src): ProxyDownloadResponse {
 		// close the session to allow parallel downloads
 		$this->session->close();
diff --git a/psalm.xml b/psalm.xml
index fd9c98b5f0..55ee9a4ffb 100644
--- a/psalm.xml
+++ b/psalm.xml
@@ -19,6 +19,11 @@
 		<directory name="lib/Vendor" />
     </extraFiles>
 	<issueHandlers>
+		<UndefinedAttributeClass>
+			<errorLevel type="info">
+				<referencedClass name="OCP\AppFramework\Http\Attribute\UserRateLimit" />
+			</errorLevel>
+		</UndefinedAttributeClass>
 		<UndefinedClass>
 			<errorLevel type="suppress">
 				<referencedClass name="Doctrine\DBAL\Platforms\MySQLPlatform" />