Use the Cloudflare Free plan to rate limit and mitigate DDoS

The simplest way to get effective rate limiting for your website is to use Cloudflare's rate limiting rules. They are available in the free plan with limited functionality, which is still good enough for most use cases:

1. Go to Security — WAF — Create Rule

2. To cover all URLs on your website, use: URI Path — Contains — /

A good starting point for the rate limit is not to exceed 20 requests per 10 seconds. You can adjust from there, making sure not to block regular users.
This tuning is something of an art and will come with time.


3. Examine the Activity log and be careful not to block search engines. In our case we can see that Google is not blocked and DuckDuckGo was causing problems.
You can also adjust robots.txt to set the crawl delay between pages.
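
To take some of the guesswork out of the tuning, the following added example (not part of the original article) replays a web server access log and lists the clients that would exceed 20 requests per 10 seconds, together with their user agent, so crawlers and busy regular users can be spotted before the rule goes live. It assumes combined log format in time order with the visitor's real IP in the first field, and it uses a sliding window that only approximates how Cloudflare counts; `peak_rates`, `would_be_limited` and the sample traffic are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

LIMIT, WINDOW = 20, 10  # 20 requests per 10 seconds, the starting point above

# Combined log format: ip - - [time] "request" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def peak_rates(lines, window=WINDOW):
    """Map each client IP to (peak requests in any window, user agent).
    Assumes lines are in time order, as access logs normally are."""
    recent, peaks = defaultdict(deque), {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined log format; ignore
        ip, stamp, agent = m.groups()
        now = datetime.strptime(stamp, TIME_FMT).timestamp()
        seen = recent[ip]
        seen.append(now)
        while now - seen[0] >= window:  # drop requests older than the window
            seen.popleft()
        if len(seen) > peaks.get(ip, (0, ""))[0]:
            peaks[ip] = (len(seen), agent)
    return peaks

def would_be_limited(lines, limit=LIMIT, window=WINDOW):
    """Clients whose peak exceeds the limit, busiest first."""
    rates = peak_rates(lines, window).items()
    over = [(ip, n, ua) for ip, (n, ua) in rates if n > limit]
    return sorted(over, key=lambda row: -row[1])

def sample_log():
    """Constructed traffic (documentation-range IPs, made-up user agents)."""
    clients = [("192.0.2.10", "Mozilla/5.0 (X11; Linux x86_64)", 12, 0.8),
               ("198.51.100.7", "ExampleBot/1.0", 30, 0.2),
               ("203.0.113.5", "Mozilla/5.0 (Macintosh)", 5, 12.0)]
    base, rows = 1700000000, []
    for ip, agent, count, gap in clients:
        for i in range(count):
            t = base + int(i * gap)
            stamp = datetime.fromtimestamp(t, timezone.utc).strftime(TIME_FMT)
            rows.append((t, f'{ip} - - [{stamp}] "GET /p{i} HTTP/1.1" 200 512 "-" "{agent}"'))
    return [line for _, line in sorted(rows)]

if __name__ == "__main__":
    for ip, n, ua in would_be_limited(sample_log()):
        print(f"{ip} peaked at {n} requests per {WINDOW}s ({ua})")
```

Run it against a day of real logs with a few candidate limits; a well-known crawler's user agent in the output is a sign the threshold needs raising before the rule is enabled.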
