Comment by andersa

Website admin can solve this and still have protection by enabling caching of the rss feed, using a transform rule to drop all fields that could mess with the cache key, and then reducing the security level for that url. The cache works fine as a DDoS defense aswell as long as you don't let people mess with the key.