Rate Limiting Rules Failure

We received 673 hits over a 39 minute period. That’s 17 per minute… IP’s are supposed to be blocked after 2 hits per minute. Why isn’t the offending IP being blocked?

I’d add a wildcard * to the end of that URL just in case they’re adding a query string after it.

Also, are you sure their requests are coming through Cloudflare? Some attackers hit the server IP address directly. Which is why I have a server firewall that blocks everything that doesn’t come from a Cloudflare IP address.

We added the wildcard. Hopefully that helps.

When attempting to access the page via IP address, all are redirected to the domain itself.

1 Like

If an attacker were to find out the IP address, then basically add it to /etc/hosts, they can access your site directly by hostname and won’t get redirected to the domain itself.

2 Likes