Hello, Attacks are still continuing, somebody is obsessed with our website and wants to shut it down. Can anyone help us about the risk assessments and security procedures in this matter?
After that, you should study the logs both in the Firewall and at your origin server, and try to identify patterns that match the attackers. Perhaps the countries where they come from, their pool of IP addresses and ASN, user agent etc.
With this information at hand, you can craft one or more Firewall Rule to block or challenge the attacks, while keeping your site available to search engine and legit visitors.