diff --git a/roadmap/prod-env/03-infra-stack-changes.md b/roadmap/prod-env/03-infra-stack-changes.md
index d3b442a..ae48477 100644
--- a/roadmap/prod-env/03-infra-stack-changes.md
+++ b/roadmap/prod-env/03-infra-stack-changes.md
@@ -111,14 +111,31 @@ Keep the following APISIX plugin limits in `init/apisix-core/init.sh` for `test/
 | Auth routes `/v1/auth/*`, `/v1/users/*` | `limit-count` | `count: 12`, `time_window: 60` per `remote_addr` |
 | Global rule | `limit-count` | `count: 60`, `time_window: 60` per `remote_addr` |
 
-Update the global rate limit block in `init/apisix-core/init.sh`. Define threshold constants at the script header to ensure consistency and ease of updates:
+Update the rate limit and connection limit blocks in `init/apisix-core/init.sh`. Define all threshold constants at the script header to ensure consistency and ease of updates:
 
 ```bash
 # Define at the top of init.sh
 GLOBAL_LIMIT_COUNT=60
 GLOBAL_LIMIT_WINDOW=60
+AUTH_LIMIT_COUNT=12
+AUTH_LIMIT_WINDOW=60
+WS_LIMIT_CONN=5
 
-# ... later in the script ...
+# ... later in the script (WebSocket route) ...
+if [[ "$PROFILE" != "dev" ]]; then
+  WS_PLUGINS=',"plugins":{"limit-conn":{"conn":'"$WS_LIMIT_CONN"',"burst":2,"default_conn_delay":0.1,"key":"remote_addr","key_type":"var","rejected_code":429}}'
+else
+  WS_PLUGINS=""
+fi
+
+# ... later in the script (Auth routes) ...
+if [[ "$PROFILE" != "dev" ]]; then
+  AUTH_LIMIT=',"plugins":{"limit-count":{"count":'"$AUTH_LIMIT_COUNT"',"time_window":'"$AUTH_LIMIT_WINDOW"',"key_type":"var","key":"remote_addr","rejected_code":429,"policy":"local"}}'
+else
+  AUTH_LIMIT=""
+fi
+
+# ... later in the script (Global rate limit) ...
 if [[ "$PROFILE" != "dev" ]]; then
   if [[ "$PROFILE" == "prod" ]]; then
     RATE_POLICY="redis"