I hope this message finds you well. I am writing to seek your assistance regarding an issue I am experiencing with the IP restriction rules configured on my Cloudflare account. I have set up a custom rule to block an IP address in case more than one request is made within a time period of 10 seconds to restrict repeated multiple requests. However, I have noticed that even after waiting for a minute or more, subsequent attempts still result in an HTTP 429 (Too Many Requests) error. This behavior persists beyond the intended 10-second block period. I would greatly appreciate it if you could help me identify the cause of this issue and suggest any necessary adjustments to ensure the rule behaves as expected. Looking forward to your response.
In your screenshot, you are blocking the IP address for an hour if there is more than 1 request in 10 seconds.
Also, if this rule applies to a web site (rather than say an API) note that the page load, plus any assets (such as images, CSS, JS, etc) each count as 1 request, so likely each IP address needs to be allowed more requests per 10 seconds than just 1 to load a single page and you will block every user for an hour after the first request.
You can use this endpoint, but a 500 error will be encountered on the first try, which means it is reaching the server. However, on the second try, 429 will be received.
