Need help with Setting Rate Limiting Rules

Hello!
We’ve already set some Rate Limiting rules and those are working fine.
One of them blocks an IP for 1 minute if it reaches a certain number of requests in 1 minute.

Now the help I need is with DDoS attacks. Traffic comes from various countries, and I’ve blocked the IPs of a lot of countries where we don’t sell. These unwanted requests that reach our server aren’t blocked by our current rate limiting rules. When I looked closely, those requests don’t meet the threshold of the rate limit rules, thus these requests weren’t blocked. The average session of these IPs is about 0.7 sec., or maybe around 1,2 seconds.

Question is how can we block these requests using rate limiting without disturbing actual buyers?
And what other things can we implement in Cloudflare or server settings to mitigate these attacks?

Thanks :)

If you want to limit visits by country, use Firewall Rules. You can block anything that’s not from a list of countries:

I got that and, as mentioned, I’m already doing that.
I really need help with blocking requests from those IPs which have a session time of only 5-10 seconds.
My Rate Limiting rules block an IP if it makes a certain number of requests in 10 seconds, and also in 1 minute.
How do I block those IPs or that traffic coming to our site when these IPs don’t make enough requests to be blocked by the Rate Limiting rules?

Sorry, I thought you were blocking it in a different way since the Firewall Rule I posted doesn’t use IP addresses.

You could try a Firewall Rule (or tiered Rules) based on Threat Score:

Otherwise, it sounds like you’re trying to Rate Limit bots that look similar to regular traffic: Just a few hits within a short time period, then gone.
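
The gap described in this thread, as an added example that is not part of any post above: a per-IP sliding-window count over a constructed request log, showing which clients the rate rule catches and which short-lived, low-volume clients stay under it. The thresholds, the log format and the IP addresses (documentation ranges) are assumptions for illustration, not Cloudflare settings.

```python
from collections import defaultdict

RATE_LIMIT = 10     # assumed per-IP threshold (requests per window)
WINDOW = 60         # assumed window length, seconds
SHORT_SESSION = 10  # assumed cut-off for a "short" session, seconds

def build_sample_log():
    """Constructed (timestamp_seconds, ip) pairs; not real traffic."""
    log = [(t * 2, "198.51.100.7") for t in range(15)]   # 15 hits in 30 s
    log += [(t * 60, "192.0.2.10") for t in range(6)]    # buyer: 6 hits over 5 min
    for i in range(5):                                   # 5 IPs, 2 hits 1 s apart
        ip = f"203.0.113.{i + 1}"
        log += [(100 + i, ip), (101 + i, ip)]
    return log

def peak_in_window(times, window):
    """Largest number of requests that fall inside any sliding window."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best

def classify(log, rate_limit=RATE_LIMIT, window=WINDOW, short_session=SHORT_SESSION):
    """Split IPs into those the per-IP rule blocks and short-lived ones it misses."""
    by_ip = defaultdict(list)
    for ts, ip in log:
        by_ip[ip].append(ts)
    blocked, short_lived = set(), set()
    for ip, times in by_ip.items():
        if peak_in_window(times, window) >= rate_limit:
            blocked.add(ip)
        elif max(times) - min(times) <= short_session:
            short_lived.add(ip)
    return blocked, short_lived

if __name__ == "__main__":
    blocked, short_lived = classify(build_sample_log())
    print("blocked by per-IP rule:", sorted(blocked))
    print("short-lived, under threshold:", sorted(short_lived))
```

A real buyer who views a single page also lands in the short-lived set, so the output is a list to review against other signals rather than a block list.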