Security Rate limiting Rule seemingly over-applying incorrectly

We have a security rule in place that will match the following

  • Hostname : our hostname
  • Custom counting expression
    • Response status code equals 404 (http.response.code eq 404)
  • when rate exceeds: 3000 per 1 minute
  • Take action: Block with default rate limiting response and status 429 for 1hr

We believe this is blocking users erroneously. We cannot see any users who are hitting this rate limit, but we are getting multiple reports of users being hit by this.

I cannot see in the analytics anyone who has anywhere near this amount of requests. This has caused our service to be unusable by many customers in multiple situations.