Hi Reuven,
I'm afraid this is not possible. With the ACE, you can only limit the connection rate on a server, but without taking the client Ip into account. The purpose of this feature is to avoid overloading a server, not preventing attacks.
You should check with your account team for alternatives. I'm not an expert on it, but I believe you should be able to achieve what you need with an IDS module.
Regards
Daniel