Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

How do I protect my Amplify-hosted website from the Bytespider bot?

0

I have a client's website hosted on Amplify, which has been a great hosting platform for the past few years.

Around the start of February, we noticed a significant increase in requests to the website, subsequently exceeding our request limits in certain third-party tools like Sentry and Weglot. After further investigation, we've found that these requests all had the same User Agent header of "Bytespider", which we've learned is a data scraper for ByteDance. A lot of forums have confirmed that it doesn't respect a disallow in robots.txt.

We do have an IP range (and a User Agent, obviously) that we can block, but unfortunately, as the website is on Amplify and not our own AWS setup, we can't access the CloudFront distribution or a WAF to implement rules to block these requests.

Does anyone know a way we can solve this issue?

Argomenti
ComputazionaliFront-end web e dispositivi mobiliAWS Well-Architected Framework
Tag
Provisioning di siti webAWS AmplifySicurezza
Lingua
English
Sam_Grade
posta 2 mesi fa427 visualizzazioni
1 Risposta
0

Hello.

As of March 2024, it is not possible to directly set up AWS WAF on Amplify, so I think it is necessary to change the configuration to a configuration where a custom CloudFront is placed in front of Amplify and use AWS WAF.
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/enable-aws-waf-for-web-applications-hosted-by-aws-amplify.html

profile picture
ESPERTO
Riku_Kobayashi
con risposta 2 mesi fa
profile picture
ESPERTO
Giovanni Lauria
verificato 2 mesi fa
  • Sam_Grade
    2 mesi fa

    Is AWS WAF the only possible solution to this problem?

  • Riku_Kobayashi ESPERTO
    2 mesi fa

    As far as I know, Amplify does not have a function to restrict IP etc., so I think it is necessary to use AWS WAF etc. to do so.

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente