
AWS WAF rate limit not honored

0

I configured the WAF "rate limit" as 10 and the evaluation window as "5 minutes":

    "RateBasedStatement": {
        "Limit": 10,
        "AggregateKeyType": "FORWARDED_IP",
        "EvaluationWindowSec": 300,
        "ForwardedIPConfig": {
            "HeaderName": "X-Forwarded-For",
            "FallbackBehavior": "NO_MATCH"
        }
    }

When I repeatedly fired requests in a loop, it accepted 159 requests in approximately 1 minute. Then it blocked requests till the end of the window.

When I send 1 request every 15 seconds, it blocks at the 13th request.

I verified that the IP in the X-Forwarded-For header during this time is the same. Am I missing any configuration?

asked 3 months ago, 32 views

1 Answer
0

Hello,

You're not missing configuration - there's a common misunderstanding about what the limit means.

AWS WAF rate limits are not instantaneous per request; instead, they are assessed over a sliding window (EvaluationWindowSec). This implies that bursts above the configured Limit can pass at first, but once the threshold is surpassed, blocking takes place. Make sure the X-Forwarded-For header has the correct client IP when using FORWARDED_IP.

References

AWS WAF Rate-based rules:

https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-rate-based.html

Forwarded IP configuration:

https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-rate-based.html#forwarded-ip

answered 3 months ago
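To make the sliding-window point concrete, here is a small simulation of a rate-based rule evaluated over a trailing EvaluationWindowSec. It is an added illustration, not code from the question, the answer, or AWS; the header parsing mirrors the poster's ForwardedIPConfig (first address in X-Forwarded-For, NO_MATCH when the header is absent or invalid). Two modelling choices are assumptions that the thread does not state and that AWS does not document in these terms: the counter is evaluated periodically (EVAL_INTERVAL_SEC, assumed 30 s) rather than on every request, and requests that arrive while an IP is blocked are still counted. Under those assumptions the steady 15-second pattern is first blocked on the 13th request, the same ordinal the question reports, and a burst is admitted unchecked until the next evaluation, which is the behaviour the answer describes.

```python
import ipaddress
from collections import defaultdict

# Values copied from the question's RateBasedStatement.
LIMIT = 10
WINDOW_SEC = 300
HEADER_NAME = "X-Forwarded-For"
# ASSUMPTION: counters are checked on a fixed cadence, not per request.
EVAL_INTERVAL_SEC = 30


def client_ip(headers, header_name=HEADER_NAME):
    """Return the aggregation key for FORWARDED_IP, or None for NO_MATCH.

    The first address in the header is used; a missing or unparsable
    value means the rule does not match the request at all.
    """
    raw = headers.get(header_name)
    if not raw:
        return None
    first = raw.split(",")[0].strip()
    try:
        ipaddress.ip_address(first)
    except ValueError:
        return None
    return first


def simulate(requests, limit=LIMIT, window_sec=WINDOW_SEC,
             eval_interval_sec=EVAL_INTERVAL_SEC):
    """requests: list of (t_seconds, headers) sorted by time.

    Returns a list of (t, ip, "ALLOW" | "BLOCK") decisions.
    """
    seen = defaultdict(list)   # ip -> timestamps of counted requests
    flagged = set()            # ips currently over the limit
    next_eval = eval_interval_sec
    decisions = []
    for t, headers in requests:
        # Periodic evaluation: count requests strictly before the
        # evaluation instant that fall inside the trailing window.
        while next_eval <= t:
            for ip, stamps in seen.items():
                recent = [s for s in stamps if next_eval - window_sec < s < next_eval]
                if len(recent) > limit:
                    flagged.add(ip)
                else:
                    flagged.discard(ip)
            next_eval += eval_interval_sec
        ip = client_ip(headers)
        if ip is None:
            # FallbackBehavior NO_MATCH: rule does not apply, nothing counted.
            decisions.append((t, None, "ALLOW"))
            continue
        # ASSUMPTION: blocked requests still count toward the rate.
        seen[ip].append(t)
        decisions.append((t, ip, "BLOCK" if ip in flagged else "ALLOW"))
    return decisions


def first_blocked_ordinal(decisions):
    """1-based position of the first BLOCK decision, or None."""
    for i, (_, _, d) in enumerate(decisions, start=1):
        if d == "BLOCK":
            return i
    return None


# Constructed traffic patterns using a documentation-range address.
def steady_requests(interval_sec, count, ip):
    return [(float(interval_sec * k), {HEADER_NAME: ip}) for k in range(count)]


def burst_requests(rate_per_sec, duration_sec, ip):
    n = rate_per_sec * duration_sec
    return [(i / rate_per_sec, {HEADER_NAME: ip}) for i in range(n)]


if __name__ == "__main__":
    ip = "203.0.113.7"
    steady = simulate(steady_requests(15, 20, ip))
    print("steady 1 req/15s: first block at request", first_blocked_ordinal(steady))
    burst = simulate(burst_requests(3, 60, ip))
    allowed = sum(1 for _, _, d in burst if d == "ALLOW")
    print(f"burst 3 req/s for 60s: {allowed} allowed, first block at", first_blocked_ordinal(burst))
```

The eval cadence is the knob that explains both observations: requests 11 and 12 slip through because no evaluation has yet seen a count above 10, and a burst is admitted in full until the next tick. Lowering Limit does not change that shape, and the forwarded-IP check matters because a single shared or missing X-Forwarded-For value either collapses all clients into one counter or, with NO_MATCH, exempts them from the rule entirely.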
