diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg
index f58f857..c240950 100644
--- a/haproxy/haproxy.cfg
+++ b/haproxy/haproxy.cfg
@@ -74,6 +74,9 @@ frontend http-in
 	# debug information at /.basedflare/cgi/trace
 	http-request return status 200 content-type "text/plain; charset=utf-8" lf-file /etc/haproxy/template/trace.txt if { path /.basedflare/cgi/trace }
 
+	http-request track-sc0 query table count_qs_throttle if { query -m found }
+	http-request redirect location http://%[hdr(host)]/%[table_cnt(count_qs_throttle)] code 302 if TRUE
+
 	# acl for blocked IPs/subnets/ASN/country
 	http-request lua.set-lang-json
 	acl found_in_blockedip_map src,map_ip(/etc/haproxy/map/blockedip.map) -m found
@@ -88,7 +91,7 @@ frontend http-in
 	http-request deny deny_status 403 if blocked_bool
 
 	# ratelimit (and for tor, kill circuit) on POST bot-check. legitimate users shouldn't hit this.
-	http-request track-sc0 src table bot_check_post_throttle if { path /.basedflare/bot-check } { method POST }
+	# http-request track-sc0 src table bot_check_post_throttle if { path /.basedflare/bot-check } { method POST }
 	# http-request lua.kill-tor-circuit if { sc_http_req_rate(0) gt 1 }
 	# http-request tarpit if { sc_http_req_rate(0) gt 1 }
 
@@ -177,6 +180,9 @@ backend servers
 backend bot_check_post_throttle
 	stick-table type ipv6 size 100k expire 60s store http_req_rate(60s)
 
+backend count_qs_throttle
+	stick-table type string size 100k expire 60s store http_req_rate(60s)
+
 backend hcaptcha
 	mode http
 	server hcaptcha hcaptcha.com:443