Blocking someone who open 10 pages in 10 secs not working

What is the name of the domain?

domain.com

What is the issue you’re encountering

rate limiting rule not working as i want it to

What are the steps to reproduce the issue?

Hi, I am trying to create a firewall rule under rate limiting. I want to make sure I block bots that go into the site too much and cause my server to go down.

So I want to create a rule saying that if someone visits 10 different pages in 10 seconds, I want to block them. So I created a rule saying if the URL path contains “/” I want to block them.

But it seems like the rule is for everything loaded and not just the page. So if a user loads a page and that page has 20 images, it activates the rule on one page view.

Is there a way for me to limit the views to only page visits on the free Cloudflare version?

Screenshot of the error

limiting-rules.png713×850 19.6 KB

Are the DNS records proxied for the particular hostname?

If you’ve got 10 images on the page, some CSS and JS file, which exceedes 10 requests within 10 seconds, you’d see requests being rate limited in the Developer Console (F12) of your Web browser and also shown under the Rate limiting page.

You could edit your expression to ignore requests for static resources:
(not http.request.uri.path.extension in {"js" "css" "woff" "jpg" "gif" "webp"}) (and so on)

Thanks for the help, i ended up doing this

image1062×592 17.8 KB