
How do I use an aggregation key to configure a rate limit rule in AWS WAF?


I want to use aggregation key features to configure a rule that tracks and limits the rate of customer requests in AWS WAF.

Resolution

Use cookies to set a rate limit

To rate limit on a cookie that has a fixed name but a per-client value (for example, a session cookie), so that each distinct cookie value is counted and limited separately, complete the following steps:

  1. Open the AWS WAF console.
  2. In the navigation pane, choose AWS WAF.
  3. Choose Resources & protection packs.
  4. Select your Protection pack.
  5. In your selected protection pack, select Rules.
  6. Select View and edit next to Rules to view or modify the rules associated with your protection pack.
  7. In the right pane for Manage rules choose Add rules.
  8. Choose Create new rule.
  9. Choose Custom rule and select Next.
  10. For Rule Type, choose Rate based rule and select Next.
  11. Under Rules, choose Add Rules.
  12. Choose Add my own rules and rule groups.
  13. Enter the following values to set up your rule:
    For Rule type, choose Rule Builder.
    For Name, enter a name to identify this rule.
    For Type, choose Rate-based rule.
    For Rate limit, enter a number between 100 and 20,000,000.
    For Evaluation window, select 1, 2, 5, or 10 minutes.
    For Request aggregation, choose Custom keys.
    For Cookie name, enter the name of the cookie to aggregate on. AWS WAF keeps a separate count for each distinct value of that cookie, so every client carrying its own cookie value is limited individually.
    (Optional) Choose a text transformation to apply to the cookie value before it's used as the key, or choose None.
    For Scope of inspection and rate limiting, choose Consider all requests.
    For Action, choose Block.
  14. Choose Add Rule.
  15. Choose Save.

Use a managed label namespace to set a rate limit

To rate limit requests that the Bot Control managed rule group labels by bot category (for example, the label awswaf:managed:aws:bot-control:bot:category:http_library that the CategoryHttpLibrary rule adds), complete the following steps. The managed rule is switched to Count so that it still adds the label without blocking on its own, and a rate-based rule keyed on the label namespace then limits each labeled category separately.

Set the specific managed rule group to count mode

Complete the following steps:

  1. Open the AWS WAF console.
  2. In the navigation pane, choose AWS WAF.
  3. Choose Resources & protection packs.
  4. Select your Protection pack.
  5. In your selected protection pack, select Rules.
  6. Select View and edit next to Rules to view or modify the rules associated with your protection pack.
  7. Under Rules, choose Add Rules.
  8. Choose Add managed rule groups.
  9. Choose AWS managed rule groups.
  10. Under Paid rule groups, for the Bot Control rule set, toggle on Add to web ACL.
  11. Choose Edit.
  12. For Inspection level, select Common.
  13. From the list of rules, for CategoryHttpLibrary, set the action to Count.
  14. Choose Add Rule.
  15. For Set rule priority, select your rate-based rule and move it below the Bot Control rule set so that it's evaluated after Bot Control adds its labels. Rules with a higher priority number run later.
  16. Choose Save.

Add a custom rule to the web ACL

Complete the following steps:

  1. Open the AWS WAF console.
  2. In the navigation pane, choose AWS WAF.
  3. Choose Resources & protection packs.
  4. Select your Protection pack.
  5. In your selected protection pack, select Rules.
  6. Select View and edit next to Rules to view or modify the rules associated with your protection pack.
  7. In the right pane for Manage rules choose Add rules.
  8. Choose Create new rule.
  9. Choose Custom rule and select Next.
  10. For Rule Type, choose Rate based rule and select Next.
  11. Under Rules, choose Add Rules.
  12. Choose Add my own rules and rule groups.
  13. To set up your rule, configure the following values:
    For Rule type, choose Rule Builder.
    For Name, enter a name to identify this rule.
    For Type, choose Rate-based rule.
    For Rate limit, enter a number between 100 and 20,000,000.
    For Evaluation window, select 1, 2, 5, or 10 minutes.
    For Request aggregation, choose Custom keys.
    For Label namespace, enter awswaf:managed:aws:bot-control:bot:category: (including the trailing colon). AWS WAF aggregates on every label under this namespace, so each bot category that Bot Control reports gets its own counter.
    For Scope of inspection and rate limiting, choose Consider all requests.
    For Action, choose Block.
  14. Choose Add Rule.
  15. For Set rule priority, update the priority of your custom rule so that it's evaluated after the Bot Control managed rule group (a higher priority number). Labels added by the managed rule group are visible only to rules that run later, so a rate-based rule placed before Bot Control never sees the label and never counts the request. For more information, see Setting rule priority.
  16. Choose Save.
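The same two rules expressed in the JSON shape that `aws wafv2 update-web-acl --rules file://...` and boto3 accept, built in Python, as an added example that is not code from this AWS page. Rule names, metric names, the 1000-request limit and the 5-minute window are placeholder choices; `label_ordering_problems` is a local sanity check on priorities (the mistake the step above warns about), not an AWS WAF feature.

```python
import json

# Placeholders; pick your own metric names.
VISIBILITY = {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True}
BOT_CATEGORY_NS = "awswaf:managed:aws:bot-control:bot:category:"


def bot_control_count_rule(priority, overridden_rules=("CategoryHttpLibrary",)):
    """Bot Control at the Common inspection level, with the listed rules overridden to Count
    so they still add their labels but never block by themselves."""
    return {
        "Name": "AWS-AWSManagedRulesBotControlRuleSet",
        "Priority": priority,
        "Statement": {"ManagedRuleGroupStatement": {
            "VendorName": "AWS",
            "Name": "AWSManagedRulesBotControlRuleSet",
            "ManagedRuleGroupConfigs": [
                {"AWSManagedRulesBotControlRuleSet": {"InspectionLevel": "COMMON"}}],
            "RuleActionOverrides": [
                {"Name": r, "ActionToUse": {"Count": {}}} for r in overridden_rules]}},
        "OverrideAction": {"None": {}},
        "VisibilityConfig": dict(VISIBILITY, MetricName="BotControl"),
    }


def label_namespace_rate_rule(priority, limit=1000, window_sec=300, namespace=BOT_CATEGORY_NS):
    """Rate-based rule keyed on every label under `namespace`: each distinct label
    (http_library, ...) gets its own counter; requests without such a label are not counted."""
    if window_sec not in (60, 120, 300, 600):
        raise ValueError("evaluation window must be 1, 2, 5 or 10 minutes")
    return {
        "Name": "rate-by-bot-category",
        "Priority": priority,
        "Statement": {"RateBasedStatement": {
            "Limit": limit,
            "EvaluationWindowSec": window_sec,
            "AggregateKeyType": "CUSTOM_KEYS",
            "CustomKeys": [{"LabelNamespace": {"Namespace": namespace}}]}},
        "Action": {"Block": {}},
        "VisibilityConfig": dict(VISIBILITY, MetricName="rate-by-bot-category"),
    }


def label_ordering_problems(rules):
    """Labels exist only for rules evaluated later (higher Priority number). Report every
    rate-based rule keyed on a label namespace that is not placed after all managed rule
    groups in the ACL, which is the label producer here."""
    producers = [r for r in rules if "ManagedRuleGroupStatement" in r["Statement"]]
    problems = []
    for rule in rules:
        rb = rule["Statement"].get("RateBasedStatement", {})
        if not any("LabelNamespace" in k for k in rb.get("CustomKeys", [])):
            continue
        for p in producers:
            if p["Priority"] >= rule["Priority"]:
                problems.append(f"{rule['Name']} (priority {rule['Priority']}) runs before "
                                f"{p['Name']} (priority {p['Priority']}) and never sees its labels")
    return problems


def web_acl_rules(managed_priority=0, rate_priority=1):
    """Rules list for the web ACL: Bot Control first, then the rate-based rule."""
    return [bot_control_count_rule(managed_priority), label_namespace_rate_rule(rate_priority)]


if __name__ == "__main__":
    rules = web_acl_rules()
    print(json.dumps(rules, indent=2))
    print("ordering problems:", label_ordering_problems(rules))          # []
    print(label_ordering_problems(web_acl_rules(managed_priority=5, rate_priority=1)))
```

Run `label_ordering_problems` against the rules you are about to push; the swapped-priority call at the end shows the failure mode in which the rate-based rule silently counts nothing.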

Use IP to set a rate limit

Note: In this configuration the rate limit is scoped to requests that carry a specific Host header. Requests without that Host header don't match the scope-down statement, so AWS WAF neither counts nor rate limits them, even when they come from the same source IP as requests that are being limited.

For requests that contain a specific host header, such as example.com, complete the following steps:

  1. Open the AWS WAF console.
  2. In the navigation pane, choose AWS WAF.
  3. Choose Resources & protection packs.
  4. Select your Protection pack.
  5. In your selected protection pack, select Rules.
  6. Select View and edit next to Rules to view or modify the rules associated with your protection pack.
  7. In the right pane for Manage rules choose Add rules.
  8. Choose Create new rule.
  9. Choose Custom rule and select Next.
  10. For Rule Type, choose Rate based rule and select Next.
  11. To set up your rule, configure the following values:
    For Rule type, choose Rule Builder.
    For Name, enter a name to identify this rule.
    For Type, choose Rate-based rule.
    For Rate limit, enter a number between 100 and 20,000,000.
    For Evaluation window, select 1, 2, 5, or 10 minutes.
    For Request aggregation, choose Source IP Address.
    For Scope of inspection and rate limiting, choose Only consider requests that match the criteria in a rule statement.
    For If a request, choose Matches the statement.
    For Inspect, choose Single header.
    For Header field name, enter Host.
    For Match type, choose Exactly matches string.
    For String to match, enter example.com. Note: Replace example.com with your web address.
    (Optional) Choose a text transformation or choose None.
    For Action, choose Block.
  12. Choose Add rule.
  13. Choose Save.
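The cookie-keyed rule from the first section and the IP-keyed, Host-scoped rule from this section, built as wafv2 Rule JSON in Python and run through a small local model of how each request is bucketed. This is an added example, not code from the AWS page. Assumptions: the cookie is named `session`, the host is `example.com` as in the steps, the sample requests are constructed, the limit of 2 in the simulation is far below the console minimum and only keeps the sample short, and the model treats counting as a fixed window (AWS WAF uses an approximate sliding window) in which a request that fails the scope-down statement or lacks the cookie is neither counted nor limited.

```python
import json
from collections import defaultdict

VISIBILITY = {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True}  # placeholder
NO_TRANSFORM = [{"Priority": 0, "Type": "NONE"}]


def rate_rule(name, priority, limit, window_sec, aggregate, custom_keys=None, scope_down=None):
    """One wafv2 Rule carrying a RateBasedStatement (field names follow the WAFV2 API)."""
    if window_sec not in (60, 120, 300, 600):
        raise ValueError("evaluation window must be 1, 2, 5 or 10 minutes")
    stmt = {"Limit": limit, "EvaluationWindowSec": window_sec, "AggregateKeyType": aggregate}
    if custom_keys:
        stmt["CustomKeys"] = custom_keys
    if scope_down:
        stmt["ScopeDownStatement"] = scope_down
    return {"Name": name, "Priority": priority, "Statement": {"RateBasedStatement": stmt},
            "Action": {"Block": {}}, "VisibilityConfig": dict(VISIBILITY, MetricName=name)}


def cookie_rule(cookie_name, limit=1000, window_sec=300, priority=1):
    """'Use cookies' section: fixed cookie name, per-client value, one counter per value."""
    key = {"Cookie": {"Name": cookie_name, "TextTransformations": NO_TRANSFORM}}
    return rate_rule("rate-by-cookie", priority, limit, window_sec, "CUSTOM_KEYS", custom_keys=[key])


def ip_host_rule(host, limit=1000, window_sec=300, priority=2):
    """'Use IP' section: count per source IP, but only requests whose Host header is exactly `host`."""
    scope_down = {"ByteMatchStatement": {
        # SearchString is a blob in the API: base64-encode it, or pass the raw string to the
        # AWS CLI v2 with --cli-binary-format raw-in-base64-out.
        "SearchString": host,
        "FieldToMatch": {"SingleHeader": {"Name": "host"}},
        "TextTransformations": NO_TRANSFORM,
        "PositionalConstraint": "EXACTLY"}}
    return rate_rule("rate-by-ip-for-host", priority, limit, window_sec, "IP", scope_down=scope_down)


def rules_json():
    """What you would save to a file and pass to `aws wafv2 update-web-acl --rules file://...`."""
    return json.dumps([cookie_rule("session"), ip_host_rule("example.com")], indent=2)


def aggregation_key(rule, request):
    """Bucket the request is counted under, or None when the rule ignores it (local model:
    failing the scope-down statement or lacking a custom key component means not counted)."""
    stmt = rule["Statement"]["RateBasedStatement"]
    sd = stmt.get("ScopeDownStatement")
    if sd:
        bm = sd["ByteMatchStatement"]
        header = bm["FieldToMatch"]["SingleHeader"]["Name"].lower()
        if request["headers"].get(header) != bm["SearchString"]:
            return None
    if stmt["AggregateKeyType"] == "IP":
        return ("ip", request["ip"])
    parts = []
    for key in stmt["CustomKeys"]:
        if "Cookie" in key:
            value = request["cookies"].get(key["Cookie"]["Name"])
            if value is None:
                return None
            parts.append(("cookie", value))
        elif "IP" in key:
            parts.append(("ip", request["ip"]))
    return tuple(parts)


def simulate(rule, requests):
    """Fixed-window approximation: once a key's count within the window exceeds Limit,
    later requests under that key are blocked. Returns the ids of blocked requests."""
    limit = rule["Statement"]["RateBasedStatement"]["Limit"]
    counts, blocked = defaultdict(int), []
    for request in requests:
        key = aggregation_key(rule, request)
        if key is None:
            continue
        counts[key] += 1
        if counts[key] > limit:
            blocked.append(request["id"])
    return blocked


def make_request(rid, ip, host=None, session=None):
    headers = {"host": host} if host else {}        # header names kept lowercase
    cookies = {"session": session} if session else {}
    return {"id": rid, "ip": ip, "headers": headers, "cookies": cookies}


# Constructed sample traffic: one source IP, all within a single evaluation window.
SAMPLE = [
    make_request(1, "203.0.113.5", host="example.com", session="A"),
    make_request(2, "203.0.113.5", host="example.com", session="A"),
    make_request(3, "203.0.113.5", host="example.com", session="B"),
    make_request(4, "203.0.113.5", host="example.com", session="A"),      # third hit for cookie A
    make_request(5, "203.0.113.5", host=None, session="A"),               # no Host header
    make_request(6, "203.0.113.5", host="example.com"),                   # no session cookie
    make_request(7, "203.0.113.5", host="other.example", session="A"),    # different Host
]

if __name__ == "__main__":
    print(rules_json())
    print("cookie rule blocks:", simulate(cookie_rule("session", limit=2), SAMPLE))        # [4, 5, 7]
    print("ip+host rule blocks:", simulate(ip_host_rule("example.com", limit=2), SAMPLE))  # [3, 4, 6]
```

Request 5 is the case the note above describes: it comes from an IP that is already over the limit, but without the Host header it never matches the scope-down statement, so the IP rule never counts it. The cookie rule shows the mirror image: request 6 has the right Host but no cookie, so it is not limited either, while requests 5 and 7 are, because the cookie rule has no scope-down statement.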
AWS OFFICIAL. Updated a year ago.