Rate limiting billing and firewall rules


My website got hacked (Japanese keyword hack), and I’ve since switched from Wordpress to Jekyll + Cloudflare so my website is now clean.

However, I’m still receiving hundreds of thousands of requests per day by Bingbot trying to crawl non-existent URLs like mywebsite.com/111koujme/12e9dk.html. I’m blocking all Bingbot requests with a firewall rule to avoid excessive bandwidth consumption while trying to resolve this with Microsoft support.

I also wanted to add rate limiting, and wondering how rate limiting billing works in relation to the firewall. Are firewall-blocked requests counted towards the 10k free requests (assuming they would not blocked by my rate-limiting rules) or are they considered blocked before they reach the rate-limiting filters and therefore not counted?

Thank you!

Rate limiting should take place after firewall rules, hence any requests blocked by a firewall rule should not fire rate limiting.

1 Like