Security Rate limiting Rule seemingly over-applying incorrectly
We have a security rule in place that will match the following
- Hostname : our hostname
- Custom counting expression
- Response statuscode equals 404
- when rate exceeds: 3000 per 1 minute
- Take action: Block with default rate limiting response and status 429 for 1hr
We believe this is blocking users erroneously, we cannot see any users who are hitting this rate limit but we are getting multiple reports of users being hit by this.
I cannot see in the analytics anyone who has anywhere near this amount of requests. This has caused our service to be unsuable by many customers in multiple situations.
- Hostname : our hostname
- Custom counting expression
- Response statuscode equals 404
(http.response.code eq 404)- when rate exceeds: 3000 per 1 minute
- Take action: Block with default rate limiting response and status 429 for 1hr
We believe this is blocking users erroneously, we cannot see any users who are hitting this rate limit but we are getting multiple reports of users being hit by this.
I cannot see in the analytics anyone who has anywhere near this amount of requests. This has caused our service to be unsuable by many customers in multiple situations.
Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news
87,353Members
Resources
Similar Threads
Was this page helpful?
