
How do I apply a rate limit on a specific request parameter or URI in AWS WAF?


I want to apply a rate limit on a specific request parameter or URI in AWS WAF.

Resolution

Add a rate limit to a specific URI

Complete the following steps:

  1. Open the AWS WAF console.
  2. For Region, choose the AWS region where you created your protection pack.
  3. In the navigation pane, choose Resources & protection packs.
  4. Choose your protection pack and select Rules.
  5. Select View and edit next to Rules to view or modify the rules associated with your protection pack.
  6. In the right pane, under Manage rules, choose Add rule.
  7. Choose Custom rule and select Next.
  8. Choose Rate based rule and select Next.
  9. For Name, enter your rule name.
    For Rate limit, enter a limit.
    For Evaluation window, select a value.
    For Request aggregation, choose how you want to rate limit. For more information, see Aggregating rate-based rules in AWS WAF.
    Note: If your traffic comes through a proxy or CDN, then use IP address in header. For more information, see Using forwarded IP addresses in AWS WAF.
  10. For Scope of inspection and rate limiting, select Only consider requests that match the criteria in a rule statement.
  11. For If a request, select matches the statement. If you want to add multiple URI path conditions, then select matches at least one of the statements (OR).
  12. For Statement, enter the following information:
    For Inspect, choose Originates from an IP address in.
    For IP set, select your IP set.
    For IP address to use for rate limiting, choose the following items:
    If you want to rate limit based on the client IP field, then choose Source IP address.
    If you want to rate limit based on the IP address in the header, then choose IP address in header.
  13. For Action, choose Block.
  14. Choose Create rule.
  15. For Set Rule Priority, select Edit rule order and drag the rule according to the priority you want to set. For more information, see Setting rule priority.

Exclude specific IP addresses from rate limit rules

Complete the following steps:

  1. Open the AWS WAF console.
  2. In the navigation pane, choose Resources & protection packs.
  3. In Protection packs, choose Manage sets and groups.
  4. Choose Manage IP sets.
  5. Create a new IP set that contains all the IP addresses that you don't want to rate limit.
  6. Select View and edit next to Rules to view or modify the rules associated with your protection pack.
  7. In the right pane, under Manage rules, choose Add rule.
  8. Choose Custom rule and select Next.
  9. Choose Rate based rule and select Next.
  10. For Name, enter your rule name.
    For Rate limit, enter a limit.
    For Evaluation window, select a value.
    For Request aggregation, choose how you want to rate limit. For more information, see Aggregating rate-based rules in AWS WAF.
    Note: If your traffic comes through a proxy or CDN, then use IP address in header. For more information, see Using forwarded IP addresses in AWS WAF.
  11. For Scope of inspection and rate limiting, choose Only consider requests that match the criteria in a rule statement.
  12. For If a request, choose matches the statement. If you want to add multiple URI path conditions, then select matches at least one of the statements (OR).
  13. For Statement, enter the following information:
    For Inspect, choose URI path.
    For Match type, choose Contains string.
    For String to match, enter /admin. Note: Replace /admin with your URI path.
    For Text transformation, choose None.
  14. For Action, choose Block.
  15. Choose Create rule.
  16. For Set Rule Priority, select Edit rule order and then drag the rule according to the priority you want to set. For more information, see Setting rule priority.
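To show what the two console procedures above produce, and how a scope-down statement changes which requests a rate-based rule counts and blocks, here is an added Python example; it is not AWS's code. It builds the wafv2 rule JSON for a URI-scoped rate limit and for a rate limit that exempts an IP set, using the real wafv2 API field names, and then runs a small offline simulation over constructed traffic. The IP set ARN, the sample addresses, the tiny limits and the `_req` helper are placeholders for the demonstration; the evaluator handles only the three statement types these rules use, matches IP sets on the source address only, and treats the evaluation window as an exact sliding window, which the service itself only approximates.

```python
"""Added example, not AWS code: build the wafv2 rule JSON that the console steps
above produce, then simulate offline how a rate-based rule with a scope-down
statement counts and blocks. Field names are the real wafv2 API names; the IP set
ARN, the traffic and the tiny limits are constructed for the demonstration."""
import ipaddress
from collections import defaultdict, deque

# Constructed placeholder ARN and contents of an IP set of addresses to exempt.
TRUSTED_ARN = "arn:aws:wafv2:REGION:ACCOUNT_ID:regional/ipset/trusted/PLACEHOLDER_ID"
IP_SETS = {TRUSTED_ARN: ["198.51.100.0/24"]}

def _rate_rule(name, limit, window_sec, scope_down, forwarded_ip):
    """Rate-based statement with a scope-down statement and a Block action."""
    rate = {"Limit": limit, "EvaluationWindowSec": window_sec,
            "AggregateKeyType": "FORWARDED_IP" if forwarded_ip else "IP",
            "ScopeDownStatement": scope_down}
    if forwarded_ip:  # console choice "IP address in header" for proxied/CDN traffic
        rate["ForwardedIPConfig"] = {"HeaderName": "X-Forwarded-For",
                                     "FallbackBehavior": "MATCH"}
    return {"Name": name, "Priority": 0, "Action": {"Block": {}},
            "Statement": {"RateBasedStatement": rate},
            "VisibilityConfig": {"SampledRequestsEnabled": True,
                                 "CloudWatchMetricsEnabled": True, "MetricName": name}}

def uri_rate_limit_rule(name, uri_fragment, limit, window_sec=300, forwarded_ip=False):
    """Count and block only requests whose URI path contains uri_fragment."""
    scope = {"ByteMatchStatement": {
        "FieldToMatch": {"UriPath": {}}, "PositionalConstraint": "CONTAINS",
        "SearchString": uri_fragment,
        "TextTransformations": [{"Priority": 0, "Type": "NONE"}]}}
    return _rate_rule(name, limit, window_sec, scope, forwarded_ip)

def exclude_ip_set_rule(name, ip_set_arn, limit, window_sec=300):
    """Rate limit every client except the addresses in the referenced IP set."""
    scope = {"NotStatement": {"Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}}}}
    return _rate_rule(name, limit, window_sec, scope, forwarded_ip=False)

def matches(statement, req, ip_sets):
    """Minimal evaluator for the three statement types the rules above use."""
    if "ByteMatchStatement" in statement:       # CONTAINS with transformation NONE
        return statement["ByteMatchStatement"]["SearchString"] in req["uri"]
    if "NotStatement" in statement:
        return not matches(statement["NotStatement"]["Statement"], req, ip_sets)
    if "IPSetReferenceStatement" in statement:  # matched on source IP (simplification)
        addr = ipaddress.ip_address(req["src_ip"])
        cidrs = ip_sets[statement["IPSetReferenceStatement"]["ARN"]]
        return any(addr in ipaddress.ip_network(c) for c in cidrs)
    raise ValueError("unsupported statement")

def aggregation_key(req, forwarded_ip):
    """Address the request is counted under: source IP, or first X-Forwarded-For hop."""
    xff = req["headers"].get("X-Forwarded-For") if forwarded_ip else None
    return xff.split(",")[0].strip() if xff else req["src_ip"]

def evaluate(rule, requests, ip_sets):
    """Return PASS or BLOCK per request, in time order. This is an exact sliding
    window; the service checks counts periodically, so real enforcement lags."""
    rate = rule["Statement"]["RateBasedStatement"]
    window, limit = rate["EvaluationWindowSec"], rate["Limit"]
    forwarded = rate["AggregateKeyType"] == "FORWARDED_IP"
    recent, decisions = defaultdict(deque), []  # key -> timestamps inside the window
    for req in sorted(requests, key=lambda r: r["t"]):
        if not matches(rate["ScopeDownStatement"], req, ip_sets):
            decisions.append("PASS")  # out of scope: neither counted nor blocked
            continue
        q = recent[aggregation_key(req, forwarded)]
        while q and req["t"] - q[0] >= window:
            q.popleft()
        q.append(req["t"])
        decisions.append("BLOCK" if len(q) > limit else "PASS")
    return decisions

def _req(t, src_ip, uri, **headers):  # hypothetical helper for constructed requests
    return {"t": t, "src_ip": src_ip, "uri": uri, "headers": headers}

# Constructed traffic using RFC 5737 documentation addresses.
ADMIN_TRAFFIC = [_req(t, "203.0.113.10", "/admin/login") for t in range(4)] + [
    _req(4, "203.0.113.10", "/home"),   # same client, but outside the scope-down
    _req(5, "198.51.100.7", "/admin")]  # another client, counted separately
TRUSTED_TRAFFIC = [_req(t, "198.51.100.7", "/admin") for t in range(3)] + [
    _req(t, "203.0.113.10", "/admin") for t in (3, 4)]
PROXIED_TRAFFIC = [  # one proxy address fronting two different clients
    _req(t, "10.0.0.1", "/admin", **{"X-Forwarded-For": f"{c}, 10.0.0.1"})
    for t, c in enumerate(["203.0.113.10"] * 3 + ["203.0.113.20"])]

def demo():
    """Three scenarios: limit by URI, exempt an IP set, aggregate on the forwarded IP."""
    by_uri = evaluate(uri_rate_limit_rule("limit-admin", "/admin", 3, 60),
                      ADMIN_TRAFFIC, IP_SETS)
    exempt = evaluate(exclude_ip_set_rule("limit-untrusted", TRUSTED_ARN, 1, 60),
                      TRUSTED_TRAFFIC, IP_SETS)
    proxied = evaluate(uri_rate_limit_rule("limit-xff", "/admin", 2, 60, forwarded_ip=True),
                       PROXIED_TRAFFIC, IP_SETS)
    return by_uri, exempt, proxied

if __name__ == "__main__":
    print(demo())
```

Two things worth noticing when you run it: a request from a client that is already over the limit is still allowed through when it falls outside the scope-down statement (the `/home` request), because the rule neither counts nor acts on it; and with `AggregateKeyType` left at `IP`, every client behind the same proxy shares one counter, which is why the console note recommends IP address in header for proxied or CDN traffic.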

Related information

Rate-based rule high-level settings in AWS WAF

AWS OFFICIAL. Updated 6 months ago
5 Comments

100 is not enough. Please give more granular control, e.g. 5 or 10 etc. for a period of 1 min, 2 min, 5 min etc.

This is the highest I'm paying for, and it should work for me. Please add an option below 100.

Is there any site where I can submit this feedback? Please share.

replied 2 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
EXPERT
replied 2 years ago


If you want to rate limit based on the IP address in the header, then select IP address in header. Note: If your traffic comes through a proxy or a CDN, then use IP address in header. For more information, see Forwarded IP address.

Should the one in the Note mean "use Forwarded IP address" instead? Because it literally mentions the use case and purpose of this header in the following

replied a year ago