The goal is to have something in front of the hosting (like Cloudflare proxy)
so requests hit there and not your website directly.
There is no point in putting anything here on the hosting like .htaccess
or use some PHP script that will automatically block the IP
because in order for that script to react, it must be touched (by attackers)
to return some 403 to him - and it’s a HIT again
everything is a HIT - whenever the server has to respond to a request or process something
So it’s the same as someone ringing your doorbell
and you have some auto system that will tell him “I’m not at home”,
but his pressing the doorbell consumes resources anyway
regardless of the message you will give him (or no message).
IP blocking can reduce requests,
because it’s not the same when someone touches your website and get a 403
VS loading all CSS files + images + JS = additional 80+ REQs,
but if someone really wants to crash your website, he will easily find another way or just increase the number of requests (and achieves the same).
If you own your domain you can