I’ve had a particular subdomain and (non-existent) path getting multiple requests per second from a number of different sources. It tends to be the same couple countries, and the IP will change after a couple hundred attempts or so. I set up a rate limit rule to cover http & https to that
sub.domain.com/path but it seems like it’s only working intermittently.
I reduced the limit to 3 requests per 10 seconds which should have caught a lot of them, and to block for an hour, but when I go to the
analytics > security page, I can see that in the past 12 hours only a handful have been reported (like 15 or so) and none have been logged or blocked. I can still see these attempts in my firewall events,
Have I missed a crucial step somewhere, or could another firewall rule be preventing this? None of my firewall rules include
bypass which I thought was the only thing that would not trigger rate limiting.
Thanks for any help or pointers.