I recently had a DoS attack that only I’m Under Attack! Mode could stop, and when I looked at what they were hitting, I was surprised to find that it was just a singe image. While this explained why rate limiting wasn’t blocking it (I don’t limit images), I do not understand how they can DoS my site by doing this - shouldn’t all images by cached by Cloudflare, so that any hits to them wouldn’t even reach my server?
Also, why were millions of hits to a single image not picked up a some kind of attack? It would be great if you had a rate limiting setting which restricted the number of hits to any single file (for example, if any given file gets hit by the same IP three times in one second, it is blocked). As of now, we have to specify which files or directories are limited. This is impractical with images, as they get lots of hits as a group, but any single image should not be hit multiple times by the same IP.