DDoS Rate Limit practice question

So I used to have this rate limit rule: (http.request.uri.path eq "/"), which only rate limits the home page, so people could use a random path on my website to DDoS, like /F3REM, and bypass the rate limit. So my question is what the best practice is for rate limiting my website. So I tried this: (starts_with(http.request.uri.path, "/")), but this rate limits my website faster, because files that get loaded in also count as requests, which makes it rate limit faster with this method, because they also start with "/". So right now I came up with rate limiting every path, but if it ends with a file extension, it skips. So I don't know if this is a good practice, because maybe they can DDoS the file paths also. What would be the best practice?
1 Reply
Chaika, 3mo ago
what would be the best practice?
Best practice would be adding a rate limiting rule where you need one. Is your home page cached, or cacheable by Cloudflare's Edge? Have people attacked you before in a particular way? What exactly are you trying to defend from? You could make a rate limiting rule that matches all (Edit Expression -> true) with a really high limit to just try to stop blanket attacks. Or you could make more specific rate limiting rules on endpoints which are expensive. Biz or higher rate limiting gets the option to not apply cache limiting on cached assets as well.
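To make the counting behaviour behind the three expressions in the question and the blanket "true" rule from the reply concrete, here is an added Python model; it is not code from the thread or from Cloudflare. It re-expresses each rule expression as a predicate, mirrors Cloudflare's `http.request.uri.path.extension` field with a small helper, and runs a simplified per-client sliding-window counter over constructed traffic samples. The thresholds, the list of "static" extensions to exempt, the client addresses and the request samples are all assumptions chosen for illustration, so the numbers show what each expression counts, not Cloudflare's exact enforcement.

```python
"""Model of which requests each rate limiting expression counts (added example)."""
from collections import defaultdict, deque
from typing import Callable, Dict, List, Tuple

Request = Tuple[float, str, str]  # (timestamp in seconds, client address, URI path)


def path_extension(path: str) -> str:
    """Lowercased extension of the last path segment without the dot, "" when
    there is none; modelled on Cloudflare's http.request.uri.path.extension."""
    last = path.rsplit("/", 1)[-1]
    return last.rsplit(".", 1)[-1].lower() if "." in last else ""


# Assumed set of asset extensions to exempt; the thread names no specific list.
STATIC_EXTENSIONS = {"css", "js", "png", "jpg", "jpeg", "gif", "svg", "ico", "woff2"}


def expr_home_only(path: str) -> bool:
    """(http.request.uri.path eq "/") -- the first rule from the question."""
    return path == "/"


def expr_starts_with_slash(path: str) -> bool:
    """(starts_with(http.request.uri.path, "/")) -- the second attempt."""
    return path.startswith("/")


def expr_skip_static(path: str) -> bool:
    """Every path except requests whose extension looks like a static file."""
    return path_extension(path) not in STATIC_EXTENSIONS


def expr_all(path: str) -> bool:
    """Expression "true" -- the blanket rule from the reply, paired with a high limit."""
    return True


class RateLimitRule:
    """Sliding-window counter: a client is blocked once it has more than
    `threshold` matching requests within the last `period` seconds."""

    def __init__(self, match: Callable[[str], bool], threshold: int, period: float):
        self.match, self.threshold, self.period = match, threshold, period
        self.seen = defaultdict(deque)  # client -> timestamps of counted requests

    def handle(self, ts: float, client: str, path: str) -> str:
        if not self.match(path):
            return "pass"  # this rule never looks at the request
        window = self.seen[client]
        window.append(ts)
        while window and window[0] <= ts - self.period:
            window.popleft()
        return "blocked" if len(window) > self.threshold else "allowed"


def blocked_count(match: Callable[[str], bool], requests: List[Request],
                  threshold: int = 10, period: float = 10.0) -> int:
    rule = RateLimitRule(match, threshold, period)
    return sum(rule.handle(ts, client, path) == "blocked" for ts, client, path in requests)


# Assumed rule set: the question's three expressions at 10 requests / 10 s and
# the reply's blanket rule at a deliberately high 1000 requests / 10 s.
RULES = [
    ("home_only", expr_home_only, 10),
    ("starts_with_slash", expr_starts_with_slash, 10),
    ("skip_static", expr_skip_static, 10),
    ("blanket_true_high_limit", expr_all, 1000),
]


def compare(requests: List[Request]) -> Dict[str, int]:
    """Blocked-request count per rule for one traffic sample."""
    return {name: blocked_count(fn, requests, threshold=t) for name, fn, t in RULES}


# Constructed traffic samples (not real logs).
PAGE_ASSETS = ["/", "/static/app.css", "/static/app.js", "/img/logo.png", "/img/hero.jpg"]


def visitor_reloads(n: int) -> List[Request]:
    """One legitimate visitor reloading the home page n times, one second apart;
    every reload also pulls in the page's four static assets."""
    return [(float(i), "203.0.113.10", p) for i in range(n) for p in PAGE_ASSETS]


def random_paths(n: int, suffix: str = "") -> List[Request]:
    """One client requesting n distinct random-looking paths, 100 ms apart."""
    return [(i * 0.1, "198.51.100.7", f"/r{i:04x}{suffix}") for i in range(n)]


if __name__ == "__main__":
    for label, sample in [("5 home page reloads", visitor_reloads(5)),
                          ("30 random paths", random_paths(30)),
                          ("30 random paths ending in .js", random_paths(30, ".js"))]:
        print(label, compare(sample))
```

Five reloads of the home page are 25 requests, so the `starts_with` rule blocks 15 of them while the home-only and skip-static rules count only the five "/" hits; 30 random paths slip past the home-only rule entirely but trip the other two; and 30 random paths that end in `.js` slip past the skip-static rule, which is the gap the question worries about. The blanket `true` rule at a high limit blocks nothing in any of these small samples, which matches its purpose in the reply: a ceiling against volumetric floods, not a substitute for tighter rules on expensive endpoints.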