Firewall rate limiting help

Hello all,

my firewall doens’t mitigate DDos on my website, i’ve a lot of Request on a single minute from differents IP.
I’ve tried to set up Cloudflare Rate limiting, but seems that isn’t working. i’ve probably wrote something wrong,

that’s what i’ve wrote:

I would block all the spam that is on " mydomain.info/billing/dologin.php "
My rule is correct or i’ve to write " *.mydomain.info/billing/dologin.php " or i can write only " * " to secure all site? (but it’s useless cause they’re Ddossing my dologin.php only)

thank you

anyone?.. :frowning:

Hello @nicola.mazzoccoli61,

Silly question: have you firewalled your application to only accept connections from Cloudflare? If not, attackers/bots could use your IP address to bypass Cloudflare.

Also, I’m not an expert in rate limiting, but 10 requests per minute from a single IP is pretty high. I would presume you would be getting hit by multiple IPs and granting them each 10 hits per minute adds up.

1 Like

Bumping entire thread, this is a popular subject on this site.