My sites have been experiencing intermittent DDoS attacks for the past few months, but I am still facing difficulties due to several problems.
1.) The majority of IPs come from google-proxy IPs in the range 188.8.131.52/23, which I suspect are Android phones using Data Saver or Lite mode in the Chrome browser. I used to block that IP range, but it broke my SEO, as I realized Googlebot is also part of those IPs when I allowed known bots to my sites. Blocking individual IPs seems impossible, as phones might come from different google-proxy IPs.
2.) A country block is impossible, as most IPs come from the country we serve most.
3.) I tried Rate Limit to allow 3 requests per minute to my site, but only a small amount of traffic gets blocked.
I am out of ideas to solve this issue. Any insights or suggestions are welcome.