I wonder if it’s a common method if you would use the IP access rules to block certain ip addresses flooding your backend.
For example, I could create a php based flood protection with an algorithm. If a ip address access the uri: “/login” 10x within 30 seconds, my php script would send an api request to the Cloudflare ip access rules to block the malious ip address.
I have read this article:
But I’m not sure if you would use this tool to automatically block flood attacks. You anyway have a limit of 50k entries.
I know that you can also use rate-limiting directly in Cloudflare.