I found that nice article/introdution for these scenarios here:
crowdsecurity/http-ddos-by-ASN and crowdsecurity/http-ddos-by-cn
I like the idea very much of allowing for example 50 distinct ips every 30 seconds grouped ba country in that scenario.
capacity: 50 leakspeed: "30s" blackhole: 5m
I was wondering, if that works only together with cloudflare service or is there a way to get it also running only with a local crowdsec-firewall bouncer?