My sites have experienced intermittent DDoS attacks for the past few months, but I am still facing difficulties due to several problems.
1.) The majority of IPs come from google-proxy IPs in the range 64.233.172.0/23, which I suspect are Android phones using Data Saver or Lite mode in the Chrome browser. I used to block that IP range, but it broke my SEO, as I realized those IPs are also part of Google bot when I allowed known bots to my sites. Blocking individual IPs seems impossible, as phones might come from different google-proxy IPs.
2.) A country block is impossible, as most IPs come from the country we serve most.
3.) I tried a rate limit allowing 3 requests per minute to my site, but only a small amount of traffic gets blocked.
I am out of ideas to solve this issue. Any insights or suggestions are welcome.
AFAIK, the IPs that Google uses for crawling and the ones they provide to the public should not be the same.
However, did you try UAM mode? If so, did you try to make it more strict by adding CAPTCHA to all visitors?
If none of these worked, the only “tip” that comes to my mind is to switch the DDoS protection to a different provider that focuses on that field and ensures you an SLA. Be aware that these solutions can be extremely costly.
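
The distinction drawn in the reply, between Google's crawler addresses and the google-proxy addresses in 64.233.172.0/23, can be checked per client IP with forward-confirmed reverse DNS, so that only verified crawlers are exempted from challenges or rate limits. This is an added example, not part of either post; the hostname patterns (`.googlebot.com` for crawlers, `google-proxy-*.google.com` for the proxy) are assumptions taken from Google's published crawler-verification guidance, and the sample DNS data is constructed.

```python
import ipaddress
import socket

PROXY_RANGE = ipaddress.ip_network("64.233.172.0/23")  # range named in the question

def _reverse(ip):
    """PTR lookup; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _forward(host):
    """A/AAAA lookup; returns the set of addresses the name resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def classify(ip, reverse=_reverse, forward=_forward):
    """Return 'crawler', 'google-proxy', 'in-range-unverified' or 'other'."""
    addr = ipaddress.ip_address(ip)
    host = (reverse(ip) or "").rstrip(".").lower()
    # A PTR record is set by whoever controls the IP block, so it only counts
    # when the claimed name resolves back to the same address.
    confirmed = bool(host) and str(addr) in forward(host)
    if confirmed and host.endswith(".googlebot.com"):
        return "crawler"          # safe to exempt from challenge / rate limit
    if confirmed and host.startswith("google-proxy-") and host.endswith(".google.com"):
        return "google-proxy"     # shared proxy: many users, not a search bot
    if addr in PROXY_RANGE:
        return "in-range-unverified"
    return "other"

# Constructed DNS data so the example runs offline; not real lookups.
SAMPLE_PTR = {
    "64.233.172.10": "google-proxy-64-233-172-10.google.com",
    "66.249.66.1": "crawl-66-249-66-1.googlebot.com",
    "203.0.113.5": "crawl-203-0-113-5.googlebot.com",  # forged PTR
}
SAMPLE_A = {
    "google-proxy-64-233-172-10.google.com": {"64.233.172.10"},
    "crawl-66-249-66-1.googlebot.com": {"66.249.66.1"},
}

def demo():
    """Classify each constructed sample IP using the offline tables."""
    return {ip: classify(ip, SAMPLE_PTR.get, lambda h: SAMPLE_A.get(h, set()))
            for ip in SAMPLE_PTR}
```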