So I used to have this rate limit rule:
(http.request.uri.path eq "/")
which only rate limits the home page. So people could use a random path on my website to DDoS, like /F3REM, and bypass the rate limit. So my question is what the best practice is for rate limiting my website.
So I tried this:
(starts_with(http.request.uri.path, "/"))
But this rate limits my website faster, because files that get loaded in also count as requests, which makes it rate limit faster with this method, because they also start with "/".
So right now I came up with rate limiting every path, but if it ends with a file extension, it skips. So I don't know if this is a good practice, because maybe they can DDoS the file paths also. What would be the best practice?
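
The three rules described in the post, modelled in Python as an added example (not part of the original post and not Cloudflare's own code), to show which requests each one counts toward the limit. The request paths are constructed samples and the function names are hypothetical.

```python
import posixpath

# Constructed sample: one normal page view (HTML plus the assets it pulls in).
PAGE_VIEW = ["/", "/css/site.css", "/js/app.js", "/img/logo.png", "/favicon.ico"]
# Constructed sample: junk paths like the /F3REM case in the post, with and
# without a file extension appended.
JUNK = ["/F3REM", "/x9Qa2", "/F3REM.png", "/x9Qa2.js"]


def home_only(path):
    # Models: (http.request.uri.path eq "/")
    return path == "/"


def every_path(path):
    # Models: (starts_with(http.request.uri.path, "/"))
    return path.startswith("/")


def skip_extensions(path):
    # Models the third idea: count every path unless it ends in a file extension.
    return posixpath.splitext(path)[1] == ""


def counted(rule, paths):
    """Return the paths that would count toward the rate limit under `rule`."""
    return [p for p in paths if rule(p)]


def report():
    """Summarise, per rule, the cost of a page view and the coverage of junk paths."""
    rules = {"home_only": home_only, "every_path": every_path,
             "skip_extensions": skip_extensions}
    return {
        name: {
            "per_page_view": len(counted(rule, PAGE_VIEW)),
            "junk_counted": len(counted(rule, JUNK)),
            "junk_uncounted": [p for p in JUNK if not rule(p)],
        }
        for name, rule in rules.items()
    }


if __name__ == "__main__":
    for name, row in report().items():
        print(name, row)
```

The third rule keeps a page view at one counted request, but any path with an extension appended is never counted, which is the gap the post asks about.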