Block IP or machine with over "x" attempts per minute

If you know the IP, you can simply drop/reject or do “block” (action) using Firewall rules at the Cloudflare dashboard.

If the host is accessing something, like URI path or has some query string or else, you can even restrict by the IP and that too.

Rate Limiting is also a good option, but it can be exceeded if the host make a lot of attempts or requests.

Cloudflare Firewall rules also only protects the hostname which is :orange: (proxied by Cloudflare). If someone bypasses the proxy and goes directly to your server’s IP address, then you should look after your iptables and block the IP directly at your origin/host.