Hello @Nuri Engin, thank you for reaching out and providing the detailed question above.
- Azure WAF does provide a rate limiting option. You can go through this documentation to set a rate limit rule for Azure Front Door using a WAF rate limit rule that controls the number of requests allowed from clients to a web application. Please be aware that rate limits are applied for each client IP address. If you have multiple clients accessing your Front Door from different IP addresses, they will have their own rate limits applied. Please let me know if you have any additional concerns here.
Update: Apologies, I just went through this blog you shared above. As per the blog, had you already configured the Rate Limit Rule above before doing the Brute test? (This rule will not work if you have any sort of proxy set-up before Azure Front Door.) If yes, can you please share a screenshot of the custom WAF rule configuration? Also, as this rule prevents any client IP from exceeding the threshold defined for that specific path, are you looking for any particular way of rate limiting? You can explore the option of using Azure DDoS Protection Standard as discussed below.
- Regarding the 2nd question's DDoS part: you can go through this documentation about how Azure Front Door prevents DDoS attacks, as it has Azure DDoS Protection Basic integrated by default. You can also configure custom WAF rules or integrate Azure DDoS Protection Standard for additional protection.
Please let me know if you have any additional questions or concerns. Thank you!
(PS: I was not able to access the screenshot links shared above. If you have any additional questions, can you please share those screenshots again? You can also do a Private comment above if it helps.)
Please "Accept as Answer" if it helped, so it can help others in the community looking for help on similar topics.