Rate limiting WAF rule not working

What is the name of the domain?

lindy.com.au

What is the issue you’re encountering?

Rate limiting WAF rule not working

What steps have you taken to resolve the issue?

Hi Team,

We have created the rate limiting WAF rule below, but it's not working, as we are still receiving hits from facebookexternalhit.

The rule should get activated when the rate exceeds 10 requests per 10 seconds, but it's not.

Rule:
(http.request.full_uri eq "Redirecting...") or (http.request.uri.path contains "facebookexternalhit") or (http.request.uri.path contains "externalhit_uatext.php")

If you are not using an Enterprise plan, if there are many IP addresses connecting with those parameters, the rate limit will only be applied per IP address, not the number of hits of the rule parameters.

Thank you for the update, we are using a paid Pro plan.

If it's related to IP address then it will be a catch, as hits come from random IPs together.

Any other possibility?

Regards,
Mehul

You can use a Worker. The example here rate limits by IP address, but you can customise that to whatever parameters you want…
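The difference between per-IP counting and counting on another request attribute, as an added example that is not code from this thread or from Cloudflare: a fixed-window limiter with a pluggable key function, run over constructed traffic at the thread's threshold of 10 requests per 10 seconds. The request objects, key functions and in-memory `Map` are assumptions for illustration; in a Worker the values would be read from the `User-Agent` and `CF-Connecting-IP` request headers, and the counters would need shared storage rather than per-instance memory.

```javascript
const LIMIT = 10;        // requests allowed per window (threshold from the thread)
const WINDOW_MS = 10000; // 10-second window (from the thread)

// Build a limiter that counts requests per key; keyOf decides what "one client" means.
function makeLimiter(keyOf, limit = LIMIT, windowMs = WINDOW_MS) {
  const windows = new Map(); // key -> { start, count }
  return function allow(req, nowMs) {
    const key = keyOf(req);
    let w = windows.get(key);
    if (!w || nowMs - w.start >= windowMs) {
      w = { start: nowMs, count: 0 }; // window expired or first sighting: start over
      windows.set(key, w);
    }
    w.count += 1;
    return w.count <= limit;
  };
}

// Per-IP key: every new source address gets its own fresh counter.
const keyByIp = (req) => req.ip;

// Hypothetical alternative key: all requests announcing the crawler's
// User-Agent share one counter; everything else still falls back to per-IP.
const keyByCrawler = (req) =>
  /facebookexternalhit/i.test(req.userAgent)
    ? "ua:facebookexternalhit"
    : "ip:" + req.ip;

// Constructed sample: 30 crawler requests within 3 seconds, each from a different address.
function sampleTraffic() {
  const reqs = [];
  for (let i = 0; i < 30; i++) {
    reqs.push({
      ip: "198.51.100." + (i + 1), // documentation address range
      userAgent: "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)",
      at: i * 100, // milliseconds since start
    });
  }
  return reqs;
}

// Number of sample requests a limiter with the given key would reject.
function countBlocked(keyOf) {
  const allow = makeLimiter(keyOf);
  return sampleTraffic().filter((r) => !allow(r, r.at)).length;
}
```

With the per-IP key none of the 30 sample requests is rejected, because no single address exceeds the limit; with the shared User-Agent key the first 10 pass and the remaining 20 are rejected.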

Thank you for the update, will check.
