If we strongly generalize ddos, there are two types -
1 attack on the channel you are simply clogged with traffic to the eyeballs of the network interface of your server and it cannot communicate with clients, this is not solved on the side of the server itself - only external solutions such as cloudflares.
2 attacks on the application and related software, flood the web server with slow connections until the limit is reached, look for heavy actions with the database on your site (search for example) so that later they load the database with a bunch of requests and the service starts to blunt, and so on. The main methods of struggle are to know the pattern of an ordinary user, and set the necessary limits a little higher than necessary for an ordinary user) in the firewall or front-end proxy (for example, haproxy)

1. IP blocking is the basic functionality of the firewall, but with DDOS it is useless to set it manually
2. DDOS is usually organized either using amplify traffic or a slowloris attack. There is also UDF flood. so websocket or whatever you have is not important. If you do not have the ability to scale horizontally to repel the first wave of harmful traffic, then nothing will help you, although there are solutions, I do not argue. If you have one server, then just forget about this problem - you will not have enough resources to deal with it
3. The message limit is called throttling and is implemented very simply, but it works after anti-ddos tools and has nothing to do with it.
4. you will not be able to limit the bandwidth for different clients, but in general, if you just lie down from your crooked hands