Exclude zero trust users from rate limit

we use the Zero Trust solution to protect our Wordpress admin (wp-admin).
Additionally we have DDoS Protection and a rate limit on the rest of the wordpress public page.
Since JS and CSS etc. is not bundled in the wordpress backend, there are many requests by admin users to static js and css files (100 per admin page) and soon blocked away.

Is there a possibility to exclude users coming over the zero trust solution for these rules? (No fixed IP like and office etc. since we use zero trust to enable employees to work from everywhere)

You might be able to create a rule to exclude requests that have a CF-Access-Authenticated-User-Email header from rate limiting.

1 Like