Forum Discussion
Hello Aaron.
Have you enabled the client-side integrity defense checks in your prevention policy? These options do not perform rate limiting but only turn away non-browsers or bots.
Prevention policy methods do not engage simultaneously but in order as long as the attack continues. This could be why it is taking longer to reach the rate limiting options.
You could try removing the integrity check options, and if this does not provide the consistency you are looking for, please let us know the settings you are using.
Just to add, it will use the Source IP Based Rate Limiting if the attack meets the Suspicious Criteria (per IP address) thresholds, not the Detection Criteria above; this would trigger the URL based rate limiting... as far as I understand.
So, are you seeing attacks from multiple IP addresses?