diff --git a/test_rate_limit.sh b/test_rate_limit.sh
new file mode 100644
index 0000000..ba2db34
--- /dev/null
+++ b/test_rate_limit.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# 防爆破保护测试脚本
+
+API_BASE="http://localhost:40001"
+
+echo "========================================"
+echo "  玩玩云防爆破保护测试"
+echo "========================================"
+echo ""
+
+# 测试1: 登录限流
+echo "📝 测试1: 登录防爆破保护"
+echo "----------------------------------------"
+echo "连续5次错误登录，第6次应被封锁..."
+echo ""
+
+for i in {1..6}; do
+    echo "第 $i 次尝试:"
+    RESPONSE=$(curl -s -X POST "$API_BASE/api/login" \
+        -H "Content-Type: application/json" \
+        -d '{"username":"admin","password":"wrongpassword123"}')
+    
+    SUCCESS=$(echo $RESPONSE | grep -o '"success":[^,}]*' | cut -d':' -f2)
+    MESSAGE=$(echo $RESPONSE | grep -o '"message":"[^"]*"' | cut -d'"' -f4)
+    BLOCKED=$(echo $RESPONSE | grep -o '"blocked":[^,}]*' | cut -d':' -f2)
+    
+    if [ "$BLOCKED" == "true" ]; then
+        echo "  ✅ 已被封锁: $MESSAGE"
+        echo "  状态: SUCCESS=$SUCCESS, BLOCKED=$BLOCKED"
+        break
+    else
+        echo "  ❌ 登录失败: $MESSAGE"
+    fi
+    echo ""
+    sleep 1
+done
+
+echo ""
+echo "========================================"
+echo "测试完成!"
+echo "========================================"
+echo ""
+echo "💡 提示:"
+echo "1. 如果第6次显示'已被封锁'，说明防爆破保护正常工作"
+echo "2. 封锁时长为30分钟"
+echo "3. 可以查看后端日志确认: pm2 logs vue-driven-cloud-storage-backend"