Rate Limiting and custom Rules are not working as expected

vidhyasagar.hari · August 28, 2023, 12:36pm

Hi All ,

We had a continuous number of hits from different IP’s with similar referrers in our web application.

We have deployed a custom rule to block that specific referrer. Since we have more traffic from different regions , we suspect a brute-force attack on our application

We tried the rate-limiting rule also, which didn’t even capture the continuous requests.

It would be better if anyone could help us with this.

Thanks in Advance !

Paige · August 30, 2023, 9:18pm

Hello, in order to better assist you, can you please provide the following details:

Domain name
Are you viewing the non-blocked requests in your origin server logs, or in your Cloudflare security events?
Are your DNS records proxied?
Describe in detail any recent changes to your site: within Cloudflare DNS, Settings, or elsewhere.

In the meantime, you may need to adjust the rate limiting rule such as increasing the rate of requests.

vidhyasagar.hari · September 4, 2023, 12:54pm

Hi Cloudflare Team,

Thanks for the referral link. We have gone through it.

We are checking on the Cloudflare security events, Which are under the Security Tab.
All of our records are proxied.

For All of our rate-limiting rules, we have enabled managed action. Since the page we are trying to block is a kind of login form page, it is not effective.

We have configured an interval of 10 seconds. We haven’t captured any requests under the enabled rule.

Kindly advise whether we can choose the action as block or any other options to make this rule effective.

Thanks & Regards,