I’ve setup a simple rate limit but it’s behaving oddly. When hostname contains ‘example.com’ and with the same characteristics “IP”, when rate exceeds 150 requests for 1 minute, block for an hour. What surprises me is that a user uploading a file gets blocked immedately.
Sorry to hear you are having issues with the request being blocked. If you take the RAYID on that blocked request then search the “Security Events” why is it blocked? Can you confirm it was the rate limit that triggered the rule?
This will help make sure that the request is not triggering a false positive. As it should have to hit the threshold set. For it to take action on the request.
I have the Pro plan so I’m limited to just reviewing the activity log for the last 72 hours. I’ll definitely use that to confirm what rule fires, but my user did see a 1015 and I have just the one rule so it’s likely the cause. I’m just surprised that uploading a file to the admin side of the server would cause such an issue. Is it expected?
Is there a way I (as a pro plan user) can automate acquiring the security log so that I’m not limited to the 72 hours?