Rate Limiting rule not working as expected

Hello all,

i have create a rate limiting rule to protect the login page of my SaaS app, however the rule is not working as expected. Below you can see the rule:

Per my understand what i have done simply means: If the same IP connects more than 25 times within a minute to the URL cloud.example.com, then show JS challenge.

The problem is that once i enable this rule, if you refresh twice the homepage, then it shows the JS challenge! What i have done wrong??

Does your page load any other resources like javascript or css? Those requests count for a rate limit

Oh yes it does both CSS & JS files…its clear now!
How can i bypass this barrier?

By switching the hostname to something like URI, URI Path?

Depending on what you need to cover but yeah something like having it only being the main URL that is loaded would be an easy way to reduce the hits.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.