Rate Limiting is a great feature, but really SHOULD have some more customization options added to custom rules.
I.e. today we had a huge DDoS attack, over 53,000,000 requests to the site, and over 130 GB. Rate Limiting filtered this attack quite nicely, but there is only the option to BAN IPs FOR 1 HOUR? You should offer a longer time frame for blocking IPs, after that hour has passed the attack started back up again (though this time it was much smaller), then rate limiting had to block all the IPs over again. After the second wave of rate limiting the attack completely stopped and hasn’t start up again since. It’s been 23 hours. BUT, if there was an option for lets say to block IPs that match Rate Limiting rules for 1-24 hours that would be really nice and help a lot with preventing certain types of DDoS attacks, and preventing them from starting back up again so fast.
Either way I am very happy with the Rate Limiting Cloudflare provides, although there should be more customization options.