We have a few different Rate Limiting Rules.
When a page request comes into Cloudflare, and it matches two or more of our Rate Limiting rules, do both Rate Limiting Rules count the event?
For example, we have one rule that protects our login page so that brute force password attempts are thwarted after a handful of attempts within 1 minute. This rule is very specific. It blocks this specific login page.
We also have a more general rule that protects our web servers from IP Addresses that make many high speed requests. This rule is very general. The match is for “/” with only a few Bypass entries so that images and such are not counted. This very general rule blocks an IP address that requests more than about 60 pages within a minute.
We have a few other rate limiting rules that are very specific and will prevent a robot from using the print page function repetitively, or the contact us page repetitively.
How does the Rate Limiting rule engine process page requests that match two or more of our Rate Limiting rules?
If it depends upon the sequence of these Rate Limiting rules, how does one control the sequence? That is possible with Firewall Rules. But how does one control the sequence of Rate Limiting Rules? Or does it not matter?