Design a method to programmatically identify and rate limit anonymous vs authenticated user traffic

Until we have a rate limiting solution inside the application, we should look for a way to rate limit traffic based an authentication status. This would help prevent automated DOS incidents.

Investigate using Cloudflare Workers, or Cloudflare rate limiting. Or, possibly even HAProxy rate limiting.