How do I create a rate-based rule with a rate limit of fewer than 100 requests in AWS WAF?


I want to create a rate-based rule in AWS WAF that has a rate limit of fewer than 100 requests.

Resolution

To inspect and rate limit fewer than 100 requests, you must run Security Automations for AWS WAF. Use the HTTP flood custom rule to deploy an Amazon Athena query. This query runs on a recurring basis and analyzes your logs for IP addresses that send more requests than the established threshold. When you use the Athena log parser, you can set a threshold that's lower than 100.

However, you can't set a request rate that's lower than 100 for a rate-based rule in AWS WAF. Instead, you can use rate-based rules to set a rate limit of 100 requests for a smaller evaluation window and use other aggregation options. For more information, see How do I apply a rate limit on a specific request parameter or URI in AWS WAF?

Note: Factors such as propagation delays might cause requests to come in at a rate higher than the rate limit. In this case, AWS WAF might take several minutes to detect and rate limit these requests. Similarly, when the request rate drops back below the limit, AWS WAF might take several minutes to detect the decrease and discontinue the rate-limiting action.
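The log-parser approach described above counts requests per client IP in your AWS WAF logs and flags addresses that exceed a threshold, which can be lower than 100. The following added example (not the Security Automations code or its Athena query) applies that logic offline to AWS WAF JSON log records using the `timestamp` and `httpRequest.clientIp` fields. The function names, the fixed five-minute window, the threshold of 20, and the sample records are assumptions made for illustration.

```python
import json
from collections import Counter

WINDOW_SECONDS = 300  # assumed evaluation window for this example

def flooding_ips(log_lines, threshold, window_seconds=WINDOW_SECONDS):
    """Return {client_ip: peak_count} for every IP that sent more than
    `threshold` requests within a single fixed window."""
    per_window = Counter()
    for line in log_lines:
        try:
            record = json.loads(line)
            ip = record["httpRequest"]["clientIp"]
            ts_ms = int(record["timestamp"])  # WAF logs use epoch milliseconds
        except (ValueError, KeyError, TypeError):
            continue  # skip truncated or malformed records
        per_window[(ip, ts_ms // (window_seconds * 1000))] += 1
    peaks = {}
    for (ip, _bucket), count in per_window.items():
        if count > threshold:
            peaks[ip] = max(count, peaks.get(ip, 0))
    return peaks

def build_sample_logs():
    """Constructed sample records (documentation-range IPs)."""
    base = 1_700_000_100_000  # aligned to a 300-second window boundary
    def rec(ip, ts):
        return json.dumps({"timestamp": ts, "action": "ALLOW",
                           "httpRequest": {"clientIp": ip, "uri": "/login"}})
    logs = [rec("203.0.113.10", base + i * 2000) for i in range(30)]
    logs += [rec("198.51.100.7", base + i * 10000) for i in range(5)]
    # 30 requests in total, but only 15 in each of two adjacent windows
    logs += [rec("192.0.2.5", base + i * 1000) for i in range(15)]
    logs += [rec("192.0.2.5", base + 300_000 + i * 1000) for i in range(15)]
    logs.append('{"timestamp": 17000001')  # truncated line
    return logs

SAMPLE_LOGS = build_sample_logs()

if __name__ == "__main__":
    for ip, count in sorted(flooding_ips(SAMPLE_LOGS, threshold=20).items()):
        print(f"{ip} sent {count} requests in one window")
```

Because the count is per window, an address that spreads its requests across a window boundary can stay under the threshold in each window while exceeding it overall.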

Related information

Rate-based rule caveats

Automatically deploy a single web access control list that filters web-based attacks with Security Automations on AWS WAF

AWS OFFICIAL
Updated 2 months ago