Incomplete rate-limiting coverage leaves endpoints vulnerable to floods
warning | configuration | Updated Nov 3, 2025
How to detect:
Rate-limiting rules configured for only a subset of endpoints (e.g., only hc-ping.com but not hchk.io) allow attackers or misconfigured clients to bypass protection by targeting the unprotected endpoints, potentially causing the same connection exhaustion issues.
Recommended action:
Review and update HAProxy rate-limiting rules to ensure all relevant endpoints and domains are covered. Verify that both primary and alternative endpoints have consistent rate-limiting policies applied at the load balancer level.
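
An added example (not part of the original entry or the project's own tooling): a small audit that reads an HAProxy configuration and reports which required hostnames are never reached by the tracking and deny rules. The sample configuration, the ACL and frontend names, and the function name uncovered_hosts are constructed for illustration; it assumes host ACLs use hdr(host), the rate test is written inline in the deny rule, and rules using negation or "unless" are counted as no coverage.

```python
import re

# Constructed sample: both rules are conditioned on is_ping, so hchk.io is unprotected.
SAMPLE_CFG = """
frontend fe_pings
    bind :80
    stick-table type ip size 100k expire 30s store http_req_rate(10s)
    acl is_ping hdr(host) -i hc-ping.com
    acl is_hchk hdr(host) -i hchk.io
    http-request track-sc0 src if is_ping
    http-request deny deny_status 429 if is_ping { sc_http_req_rate(0) gt 50 }
    use_backend be_pings if is_ping or is_hchk
"""

HOST_ACL = re.compile(r"acl\s+(\S+)\s+(?:req\.)?hdr\(host\)\s+(.+)", re.I)
RULE = re.compile(r"http-request\s+(track-sc\d+|deny|tarpit|silent-drop)\b(.*)", re.I)

def uncovered_hosts(cfg, required_hosts):
    """Map each required host to the rate-limit steps that never apply to it."""
    acl_hosts = {}                                  # ACL name -> hostnames it matches
    applied = {"track": set(), "enforce": set()}    # step -> ACL names ("*" = every host)
    for raw in cfg.splitlines():
        line = raw.split("#", 1)[0].strip()
        if m := HOST_ACL.fullmatch(line):
            hosts = {t.lower() for t in m.group(2).split() if not t.startswith("-")}
            acl_hosts.setdefault(m.group(1), set()).update(hosts)
        elif m := RULE.fullmatch(line):
            action, rest = m.group(1).lower(), m.group(2)
            step = "track" if action.startswith("track-sc") else "enforce"
            # Only deny-type rules that test a stick-table rate counter count as enforcement.
            if step == "enforce" and "_rate(" not in rest:
                continue
            cond = re.search(r"\bif\s+(.*)", rest)
            tokens = re.sub(r"\{.*?\}", " ", cond.group(1)).split() if cond else []
            # Negation and "unless" are not modelled: conservatively no coverage.
            if "unless" in rest.split() or any(t.startswith("!") for t in tokens):
                continue
            applied[step] |= {t for t in tokens if t in acl_hosts} or {"*"}
    report = {}
    for host in required_hosts:
        missing = [s for s, acls in applied.items() if "*" not in acls
                   and not any(host.lower() in acl_hosts[a] for a in acls)]
        if missing:
            report[host] = missing
    return report

if __name__ == "__main__":
    print(uncovered_hosts(SAMPLE_CFG, ["hc-ping.com", "hchk.io"]))
```

Removing the host condition from both rules, so that tracking and the rate check apply to every request on the frontend, makes the report empty.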