this is still somewhat speculative but if you're running this behind a proxy, you might want to configure either nginx realip module or equivalent, or this: https://symfony.com/doc/current/deployment/proxies.html so it could see and work with real user ip, if you haven't done so already (only do one of them, not both)
currently suspecting that this is the big part on why it hit 429 rate limit when it shouldn't be: the rate limiter probably only sees the proxy address, not the users, and so it ended up rate limiting the entire proxy instead of individual clients/users
that, or whatever you used to rotate image did so by editing exif orientation data, and that got stripped/lost somewhere along the way when posted, so the image unrotated itself (I guess?)