Hello. Domain dash.perfluence.net
Attackers Brutforcing my login page for 3d day and no firewalls rules save me in automatic mode. Under attack mode doesn’t helps too. Always I need to turn on login captcha manually for every request or block them by user agent.
Attackers use different ips so rateliming rules doesn’t help me.
I need ratelimiting rule by url for all ips. For example If there are more than 1000 request to site/login per minute turn on capcha for all ips for 1 hour. Rate limiting by UA could help me too but it’t not reliable. I think attacker can easily change it to random every request.
Or maybe you can advice me different tool that can help in my situation? Thanks