What type of rule defends against a distributed denial of service (DDoS) attack by controlling request frequency?

A rate-based rule is specifically designed to defend against Distributed Denial of Service (DDoS) attacks by limiting the frequency of requests that are processed by the server within a certain timeframe. This is crucial during DDoS attacks, where an overwhelming number of requests may flood the system, leading to performance degradation or complete service outage.

By implementing rate-based rules, systems can set thresholds on the number of requests allowed from a single IP address or other entities. If an entity exceeds this threshold, subsequent requests can be temporarily blocked or throttled. This strategy effectively mitigates the risk of resource exhaustion that is typically caused by DDoS attacks, allowing legitimate users to still access the services while protecting the infrastructure.

The other types of rules mentioned, such as those related to HTTP body, HTTP header, and URI string, are more focused on specific content or characteristics of the requests rather than on controlling their frequency. They do not inherently limit the number of requests, which is the primary function required to counteract DDoS threats. Thus, the rate-based approach stands out as the most effective measure for controlling request frequency in this context.