FortiAppSec Cloud
FortiAppSec Cloud delivers unified application security and performance with WAF, bot protection, GSLB, DDoS mitigation, threat analytics, and CDN.
guptas
Staff
Article Id 393531
Description This article describes how to limit user access based on a source IP address. The same limit can also apply to all user traffic for an application.
Scope FortiAppSec Cloud.
Solution

One or more legitimate IP addresses may send a large volume of traffic to an application within one second, requesting the same resource again and again.

An admin can configure a rate limit for all IP addresses or for a specific IP address to limit user traffic that requests the same resource multiple times within one second. This typically happens when a team user mistakenly opens the same application in multiple browser tabs.

 

To configure an access rate limit, navigate to the application to which it needs to apply and follow this path: Advanced Applications -> Custom Rule -> Create New -> Add Filter, as shown below:

 

[Screenshot: new kb.jpg]

 

The above configuration applies to the specific IP address 1.1.1.1. Request per second here means that if the user sends more than 10 requests in one second for the application resources, the action applied is a period block of 60 seconds.
The user will be able to access the page again only after 60 seconds.
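
To estimate which clients a rule like this would block before enabling it, the following added example (not Fortinet code and not part of the original article) replays request timestamps against the threshold of 10 requests per second and the 60-second period block. The per-second counting model, the function name `simulate` and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict

# Threshold, block period and source IP come from the rule described above.
# ASSUMPTION: requests are counted per calendar second and the request that
# exceeds the threshold is itself blocked; the product may count differently.
THRESHOLD = 10             # requests per second
BLOCK_MS = 60 * 1000       # period block of 60 seconds
SOURCES = {"1.1.1.1"}      # None = apply the limit to every source IP

def simulate(requests, threshold=THRESHOLD, block_ms=BLOCK_MS, sources=SOURCES):
    """requests: time-sorted (timestamp_ms, source_ip) pairs.
    Returns (allowed counts, blocked counts, [(ip, time the block started)])."""
    window, blocked_until = {}, {}
    allowed, blocked, events = defaultdict(int), defaultdict(int), []
    for ts, ip in requests:
        if sources is not None and ip not in sources:
            allowed[ip] += 1                      # rule does not match this client
            continue
        if ts < blocked_until.get(ip, 0):
            blocked[ip] += 1                      # still inside the period block
            continue
        second = ts // 1000
        last_second, count = window.get(ip, (second, 0))
        count = count + 1 if last_second == second else 1
        window[ip] = (second, count)
        if count > threshold:                     # more than 10 in one second
            blocked_until[ip] = ts + block_ms
            events.append((ip, ts))
            blocked[ip] += 1
        else:
            allowed[ip] += 1
    return dict(allowed), dict(blocked), events

# Constructed sample traffic (not real logs): 1.1.1.1 sends 12 requests within
# one second, retries at t=130 s and t=161 s; 2.2.2.2 sends 20 in one second.
SAMPLE = sorted(
    [(100_000 + i * 50, "1.1.1.1") for i in range(12)]
    + [(100_000 + i * 40, "2.2.2.2") for i in range(20)]
    + [(130_000, "1.1.1.1"), (161_000, "1.1.1.1")]
)

if __name__ == "__main__":
    for label, src in (("rule for 1.1.1.1 only", SOURCES), ("rule for all IPs", None)):
        allowed, blocked, events = simulate(SAMPLE, sources=src)
        print(label, "allowed:", allowed, "blocked:", blocked, "blocks:", events)
```

In the sample, the retry from 1.1.1.1 at 130 seconds is still refused and the one at 161 seconds succeeds, which matches the 60-second block described above.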