According to the documentation, rate limiting whitelisting is possible only by adding IP addresses to the var/.maintenance.ip
see https://github.com/fastly/fastly-magento2/blob/master/Documentation/Guides/RATE-LIMITING.md
But this approach is hard to manage, and it is prone to issue because someone may just rewrite the file when enabling maintenance
Suggested solution:
- Rate limiting whitelisting can be added using Fastly VCL snippet instead of the var/.maintenance.ip
- Or at least this is different file which can be managed separately