Hi there -
I turned on rate limiting for our org using the path: www.mysite.org/*
The reason for turning it on, is we do have loginless pages and noticed thousands of records created in our DB with $1 transaction attempts. After turning it on, it stopped and over the course of 24 hours i’ve blocked using this rule roughly 10k blocks. That’s the good news, the bad news is i have actual people trying to buy tickets or reserve something using our site, and they’re receiving the Error 1015. I currently have the threshold set to “100 attempts in 1 minute = Block for 1 day”.
Does anyone know a better option for me to use to still block bad traffic, but not block good traffic? Possibly a FW rule as well?