@amolith@masto.nixnet.xyz

So @rysiek may have interesting insight here as he wrote an anti-ddos suite for Nginx.

Aggressive caching and per-IP rate limiting are the first line of defense. What CF does in the first place is to ignore client website's Cache-Control headers and cache content anyway, and this works because most websites unnecessarily limit caching due to industry-wide obsession on unique hits.