Help! blocking bots on self-hosted REST API

how do i block ip’s that are ddosing or botting my API that is going through cloudflare tunnel? I cannot use a captcha because that would block the API GET requests from my website and of course a website cannot solve a captcha through a get request. this is important and is resulting in a lot of bot account creations. pretty much all requests are coming from poland

another bot attack happened. i am, for the time being, going to disable the tunnel to prevent further damage. please help!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.