Passer au contenu
En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post
À propos de re:Post

AWS WAF rate limit not honored

0

I configured WAF "rate limit" as 10 and evaluation window as "5 minutes" "RateBasedStatement": { "Limit": 10, "AggregateKeyType": "FORWARDED_IP", "EvaluationWindowSec": 300, "ForwardedIPConfig": { "HeaderName": "X-Forwarded-For", "FallbackBehavior": "NO_MATCH" } } When repeatedly fired requests in a loop, it accepted 159 requests in approximately 1 minute. Then it blocked requests till end of the window.

When i send 1 request every 15seconds, it is blocking at 13th request.

I verified that the IP in X-Forwarded-for-header during this time is the same. I am I missing any configuration?

Sujets
Sécurité, identité et conformité
Balises
AWS WAF
Langue
English
demandé il y a 3 mois32 vues
1 réponse
0

Hello,

You're not missing configuration - there's a common misunderstanding about what the limit means.

AWS WAF rate limits are not instantaneous per request; instead, they are assessed over a sliding window (EvaluationWindowSec). This implies that bursts above the configured Limit can pass at first, but once the threshold is surpassed, blocking takes place. Make sure the X-Forwarded-For header has the correct client IP when using FORWARDED_IP.

References

AWS WAF Rate-based rules:

https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-rate-based.html

Forwarded IP configuration:

https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-rate-based.html#forwarded-ip

répondu il y a 3 mois

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Contenus pertinents