Rate limiting By URL

Hello. Domain dash.perfluence.net
Attackers Brutforcing my login page for 3d day and no firewalls rules save me in automatic mode. Under attack mode doesn’t helps too. Always I need to turn on login captcha manually for every request or block them by user agent.
Attackers use different ips so rateliming rules doesn’t help me.
I need ratelimiting rule by url for all ips. For example If there are more than 1000 request to site/login per minute turn on capcha for all ips for 1 hour. Rate limiting by UA could help me too but it’t not reliable. I think attacker can easily change it to random every request.

Or maybe you can advice me different tool that can help in my situation? Thanks

Just add a Page Rule

*dash.perfluence.net/*

This should resolve your problem.

Under attack mode doesn’t help. Js challenge doesn’t detect malicious traffic. Only capcha helps. But I want it turn on automatically when attack starts. So I need rate limiting rule

There are few options

From which country you’re receiving attack? Just block all of them

Other option is blocking or setting captcha for ASN

Different countries different ips. No problem to block it manually by user agent now. But some time later it will starts again with different settings. I need automatic protection tool.