Security Rate limiting Rule seemingly over-applying incorrectly
We have a security rule in place that will match the following:
- Hostname: our hostname
- Custom counting expression: response status code equals 404 (http.response.code eq 404)
- When rate exceeds: 3000 per 1 minute
- Take action: Block with default rate limiting response and status 429 for 1 hr
We believe this is blocking users erroneously, we cannot see any users who are hitting this rate limit but we are getting multiple reports of users being hit by this.
I cannot see in the analytics anyone who has anywhere near this amount of requests. This has caused our service to be unusable by many customers in multiple situations.
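One way to check the analytics against the rule as configured is to replay its counting logic over your own access logs: count only 404 responses for the hostname per client IP in a sliding one-minute window, and block for an hour once the threshold is exceeded. This is an added example, not Cloudflare's implementation; the log line format, hostname and the scaled-down threshold are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from the thread): "<utc time> <client ip> <host> <status>".
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 203.0.113.7 www.example.test 404
2024-01-01T10:00:05Z 203.0.113.7 www.example.test 404
2024-01-01T10:00:20Z 203.0.113.7 www.example.test 404
2024-01-01T10:00:30Z 203.0.113.7 www.example.test 404
2024-01-01T10:00:31Z 198.51.100.9 www.example.test 200
2024-01-01T10:00:32Z 198.51.100.9 www.example.test 200
2024-01-01T10:00:33Z 198.51.100.9 www.example.test 200
2024-01-01T10:00:34Z 198.51.100.9 www.example.test 200
2024-01-01T10:00:35Z 198.51.100.9 www.example.test 404
2024-01-01T10:02:10Z 203.0.113.7 www.example.test 404
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")


def evaluate_rule(log_text, hostname, threshold, period=timedelta(minutes=1),
                  block_for=timedelta(hours=1), status=404):
    """Replay the rule: per client IP, count only responses with `status` on
    `hostname` inside a sliding `period`; the first time the count exceeds
    `threshold` the client is blocked until that time + `block_for`.
    Returns {ip: (trigger_time, block_until)} for clients that would be blocked."""
    windows = defaultdict(deque)   # ip -> timestamps of counted 404s in the window
    blocked = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts_s, ip, host, code = m.groups()
        ts = datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ")
        # Only 404s for our hostname count; already-blocked clients are skipped.
        if host != hostname or int(code) != status or ip in blocked:
            continue
        win = windows[ip]
        win.append(ts)
        while win and ts - win[0] >= period:   # drop entries older than the window
            win.popleft()
        if len(win) > threshold:
            blocked[ip] = (ts, ts + block_for)
    return blocked


def total_requests(log_text):
    """All requests per IP, to compare against the 404-only counter."""
    counts = defaultdict(int)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            counts[m.group(2)] += 1
    return dict(counts)
```

A client whose total request count is high but whose 404 count stays under the threshold should never appear in the blocked set; if analytics show no client above the 404 threshold yet the rule fires, the rule's counting expression is worth re-checking.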
How can I determine if I'm on the old rate limiting or the new? Also, I can see that this event is firing in the security events pane, but I don't see the 404 requests anywhere that cause the rate limiting. This makes me think it's misfiring; also it maybe correlates with a recent release, the Cloudflare WAF update 2 days ago.
Hi. Did you figure out the cause of this? I'm seeing the same thing. I have a rate limiting rule that has been in place for over a year; all of a sudden today it has started erroneously blocking requests from individual IPs after a couple of requests, when the rate limit rule is set to block at 200/minute.
I did not 🙁
https://www.cloudflarestatus.com/incidents/7wxbm14drxxj this may be of interest
Wow thanks