Try looking at the Cf-Worker header and blocking based off of that. Need an entirely new account or a name change (not sure if it is rate-limited) to bypass it.
My services have `noswhere.workers.dev`, let me know if you experience any issues.
Discussion
Bots are unfortunately using all sorts of Cf-Worker headers. This looks like a majour global attack at this point and even my fireweall is struggling to keep up. And I'm surprised that Cloudflare hasn't mitigated it yet. Once things calm down a bit I'll whitelist your stuff for sure (and if anyone else on Nostr is using Cloudflare workers for legitimate purposes please ping me your Cf-Worker header and I'll whitelist it as well).