I have a problem with a lot of bots and scrappers which overload my website. They are mainly from China. How can I make a rule which blocks any IP adress which comes to my page more the 6 times per 10 sec. that it gets blocked. I already created such a rule and allowlisted the folder wherre the CMS is located with /members/* - all seemed fine but when the rule is active I also can not access the site anymore. I just want to block any IP which makes multiple requests to my page.
Was the site working with SSL prior to adding it to Cloudflare?
Rate limiting only has simple features on a free plan. Note that if you rate limit for /members/ that will include any files, such as HTML, images, CSS, etc that match that path so a single page visit could hit the rate limit if too low and many files are requested per page visit.
Other than the rate limiter, Cloudflare’s WAF is stateless so each request is evaluated in isolation. You may prefer to use custom WAF rules to block countries or ASNs that you find are abusive (such as in this list) or use Cloudflare’s bot protections (again, better on a paid plan).
Alternatively you can build your own rate limiter using Cloudflare Workers, or consider just challenging requests for that page with a custom WAF rule.