@ruud
I had a list of competing commercial alternatives somewhere.. maybe I can dig it up. But I would certainly touch base with jerry@infosec.exchange because I think he dealt with attacks quite cleverly without having to use CF or any MitM of that kind. Part of his solution involves standing up an onion host & redirecting tor traffic there. But before that step, he has a way of tar-pitting suspicious traffic on the clearnet side. There is also a fedi user “tallship” who suggests having a few VPSs geographically spread out and load-balanced with some fancy DNS stuff that’s over my head.