Rate Limiting doesnt block IP for 1 Day

So, basically I had like 1mil requests to my login form from someone, so I decided to set up Rate Limiting. It helped of course, but I am just curious, how is he able to continue his attack from the same IP even when it should be blocked for 1 day, not like a few hours?

Not that I afraid of being bruted right now because my passwords are really big, but if I did something wrong I want to know.

Hi @alexandr.buterin,

Unless I am reading that wrong, it seems to be working OK. It shows a block for that IP on each occasion due to rate limiting.

1 Like

As you can see on my picture, there should be block for 1 day for this IP after the first occasion, but as you can also see cloudflare allows to do it after it should be blocked. Same IP, same day, same page.

In the second column it states that request was blocked, the request will still arrive at Cloudflare’s Edge and show up in the firewall logs.

2 Likes

Oh okay I get it now, thanks!

1 Like