40% request like this:
/9840910sl8yxciki0pxofc
/9840910sl8yxciki0pxof5458
/9840910sl8yxciki0pxo545
/9840910sl8yxciki0pxof455
25% request to
/wp-admin/admin-ajax.php
When disable under attack mode server cpu 100% use.
1 Like
Try Cloudflare Rate limiting by HTTP response status codes i.e. 403 and/or 403 Unknows page request atttack - #6 by eva2000
Your CF plan doesn’t have access to rate limiting parameters for custom counting expression Increment counter when it seems Rate limiting parameters · Cloudflare Web Application Firewall (WAF) docs
Looks like increment counting feature is Cloudflare Business plan or higher Rate limiting rules · Cloudflare Web Application Firewall (WAF) docs 
So you can’t use the rule in your screenshot as is as it will rate limit and false positive trigger. But you can adjust the expression criteria to paths you know are being attacked and analysis from WAF event logs patterns of attack you can target using Rate limiting.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.