Rate limiting behind a proxy

Hi,

I have the following flow.

Client -> GCP App Engine Server -> Cloudflare -> GCP App Engine Backend Server.

My site keeps getting attacked by several malicious users. They do it via automation for an SMS attack. I have activated rate limiting rules; for my mobile apps they are fine, since the apps call the Cloudflare-protected domain directly, but for my web it seems that Cloudflare always uses the App Engine Server IP, and activating it will block real users since they do this request non-stop.

Is there a way in the rate limit to change it to use the X-Forwarded-For IP? This attack has been going on for a few days, even though I have stopped the SMS sending for the numbers that this attacker is using.
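
The bucketing problem described above, as an added example that is not part of the original post and is not a Cloudflare rule: an application-level sliding-window limiter that keys on the forwarded client address only when the connection comes from the site's own front-end proxy. The proxy range, the addresses and the assumption that the front-end server sets X-Forwarded-For to the client address it observed are all constructed for illustration.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Constructed value (assumption): egress range of the front-end App Engine server.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/28")]

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)

def client_key(peer_ip, xff):
    # Honour X-Forwarded-For only when our own proxy connected to us; a direct
    # caller (e.g. the mobile app path) could otherwise pick its own bucket.
    if not is_trusted(peer_ip) or not xff:
        return peer_ip
    # Walk right to left: the right-most hop that is not ours was written by
    # our proxy; anything further left is client-supplied and unverified.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        if is_trusted(hop):
            continue
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: fall back to the peer address
    return peer_ip

class SlidingWindowLimiter:
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)  # key -> timestamps inside the window

    def allow(self, key, now=None):
        now = time.monotonic() if now is None else now
        q = self.hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def run(requests, limit=3, window=60):
    # requests: iterable of (timestamp, peer_ip, x_forwarded_for_header)
    limiter = SlidingWindowLimiter(limit, window)
    return [limiter.allow(client_key(peer, xff), now=t) for t, peer, xff in requests]
```

Keyed on the peer address alone, every web request in this flow lands in the proxy's single bucket, which is why enabling the rule blocks real users along with the automated sender.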