diff --git a/lib/gatekeeper/middleware/api_key_validator.js b/lib/gatekeeper/middleware/api_key_validator.js
index 00228f1d..39a37925 100644
--- a/lib/gatekeeper/middleware/api_key_validator.js
+++ b/lib/gatekeeper/middleware/api_key_validator.js
@@ -99,6 +99,13 @@ _.extend(ApiKeyValidatorRequest.prototype, {
         this.request.apiUmbrellaGatekeeper.user = user;
 
         if(user.settings) {
+          // Delete a "null" value for a user-specific rate limit mode, since
+          // we don't want that to overwrite the API-specific settings during
+          // the settings merge.
+          if(user.settings.rate_limit_mode === null) {
+            delete user.settings.rate_limit_mode;
+          }
+
           request.apiUmbrellaGatekeeper.originalUserSettings = cloneDeep(user.settings);
           mergeOverwriteArrays(request.apiUmbrellaGatekeeper.settings, user.settings);
         }
diff --git a/test/server/rate_limiting.js b/test/server/rate_limiting.js
index 85e55f16..f3dc89b3 100644
--- a/test/server/rate_limiting.js
+++ b/test/server/rate_limiting.js
@@ -740,6 +740,21 @@ describe('ApiUmbrellaGatekeper', function() {
       });
 
       itBehavesLikeUnlimitedRateLimits('/hello', 5);
+
+      describe('user with settings object present, but null rate_limit mode', function() {
+        beforeEach(function setupApiUser(done) {
+          Factory.create('api_user', {
+            settings: {
+              rate_limit_mode: null,
+            }
+          }, function(user) {
+            this.apiKey = user.api_key;
+            done();
+          }.bind(this));
+        });
+
+        itBehavesLikeUnlimitedRateLimits('/hello', 5);
+      });
     });
 
     describe('api specific limits', function() {