So I got hit by large L7 ddos attacks, web applications type of attack. I have implemented most security measures including limiting "request_method" allowed outside. I have this configured: So I will deny any request except those 3 declared. Is that sufficient and enough for XenForo and WP to work fine? Thanks!