[agpl3141592]

Sounds more like an issue on cloud flare or whatever server Google is hitting.

It should return 429 so Google can reduce the requests.

I'm not even sure why you would rate limit in the first place? IPS are not unique. One company gateway or university for example has plenty of users.

Rate limit requests from users you know and make sure every public API is properly cached.

[renewiltord]

Why do you say that? The 429 edge status code implies quite strongly that the client gets 429s as well.

[ComputerGuru]

Not hard to test it from a vpn connection and verify.

[santah]

I rate limit because of aggressive bots (scrapers and ones trying random injection attacks etc).

And yes, it's returning 429 ...

[andersa]

Cloudflare doesn't offer rate limiting by user.

Caching is completely useless as a replacement for rate limiting. Simply add a bunch of nonsense to the url, or change query parameters, and you will bypass the cache.

[jhy]

Cloudflare does offer rate limiting - it's in Security / WAF / Rate limiting rules.

On the free plan it is perhaps a bit limited in the rules you can create (match based on bot or URL regex, limit by # requests per IP per 10 seconds). But still pretty useful for slowing stupid requests.

https://developers.cloudflare.com/waf/rate-limiting-rules/cr...

And / or you can use Transform Rules to better normalize the Origin URLs so that the query string or other path info doesn't create new origin requests. Or more simply, enable Ignore Query String in the Cache Settings.

[christina97]

That’s not proper caching then.