I have a website hosted from a cloud service storage provider - which charges me based on both bandwidth and GET requests. I want to avoid the potential for a malicious actor to exhaust my budget by issuing a large number of requests. My content is static, nothing is dynamic, so caching literally everything is not a problem.
I would want to enable the “Cache Everything” option through page rules, but this overrides “Ignore Query String”. This makes it so that an attacker can just request mypage.html?123 and keep replacing 123 with any random number, and each request will go to my origin server.
How do I work around this? My website is relatively small, and as such options restricted to business & enterprise plans are sadly not an option for me.
Thanks in advance for any ideas