I just set up a rate limiting rule that looks like this:
http and https website.com/*
From the same IP address exceeds 10 requests per second.
Block for an hour.
I have a couple of questions.
- Is the rate too tight, ending up blocking legitimate users?
- Will this affect legitimate bots such as bing bot and google bot?