How do I use an aggregation key to configure a rate limit rule in AWS WAF?

4 minute read
0

I want to use aggregation key features to configure a rule that tracks and limits the rate of customer requests in AWS WAF.

Resolution

Use cookies to set a rate limit

For a cookie with a single name and a dynamic value, complete the following steps:

  1. Open the AWS WAF console.
  2. In the navigation pane, under AWS WAF, choose Web ACLs.
  3. For Region, select the AWS Region where you created your web access control list (web ACL).
    Note: If your web ACL is set up for Amazon CloudFront, then select Global.
  4. Select your web ACL.
  5. Under Rules, choose Add Rules, and then choose Add my own rules and rule groups.
  6. Enter the following values to set up your rule:
    For Rule type, choose Rule Builder.
    For Name, enter a name to identify this rule.
    For Type, choose Rate-based rule.
    For Rate limit, enter a number between 100 and 20,000,000.
    For Evaluation window, select 1, 2, 5, or 10 minutes.
    For Request aggregation, choose Custom keys.
    (Optional) Choose a text transformation or choose None.
    For If a Request, choose Consider all requests.
    For Action, choose Block.
    For Cookie Name, enter your cookie name.
  7. Choose Add Rule.
  8. Choose Save.

Use a managed label namespace to set a rate limit

For requests that contain the label CategoryHTTPLibrary, complete the following steps.

Set the specific managed rule group to count mode

Complete the following steps:

  1. Open the AWS WAF console.
  2. Go to AWS WAF, and then choose Web ACLs.
  3. For Region, select the Region where you created your web ACL.
    Note: If your web ACL is set up for CloudFront, then select Global.
  4. Select your web ACL.
  5. Under Rules, and choose Add Rules, and then choose Add managed rule groups.
  6. Choose AWS managed rule groups.
  7. Under Paid rule groups, for the Bot Control rule set, toggle on Add to web ACL.
  8. Choose Edit.
  9. For Inspection level, select Common.
  10. From the list of rules, for HTTP library, select Count.
  11. Choose Add Rule.
  12. For Set Rule Priority, select your rule, and then update it to a lower priority than the Bot Control rule set.
  13. Choose Save.

Add a custom rule to the web ACL

Complete the following steps:

  1. Under Rules, choose Add Rules, and then choose Add my own rules and rule groups.
  2. Enter the following values to set up your rule:
    For Rule type, choose Rule Builder.
    For Name, enter a name to identify this rule.
    For Type, choose Rate-based rule.
    For Rate limit, enter a number between 100 and 20,000,000.
    For Evaluation window, select 1, 2, 5, or 10 minutes.
    For Request aggregation, choose Custom keys.
    For Label namespace, enter awswaf:managed:aws:bot-control:bot:category:
    For Scope of inspection and rate limiting, choose Consider all requests.
    For Action, choose Block.
  3. Choose Add Rule.
  4. For Set Rule Priority, update the rule priority for your custom rule so that it's lower than the priority for your managed rule. For more information, see Processing order of rules and rule groups in a web ACL.
  5. Choose Save.

Use IP to set a rate limit

Note: You can use IP to set a rate limit only if the traffic comes with a specific host header. If the traffic doesn't have a header, then AWS WAF doesn't apply the rate limit.

For requests that contain a specific host header, such as example.com, complete the following steps:

  1. Open the AWS WAF console.
  2. Go to AWS WAF, and then choose Web ACLs.
  3. For Region, select the Region where you created your web ACL.
    Note: If your web ACL is set up for CloudFront, then select Global.
  4. Select your web ACL.
  5. Under Rules, choose Add Rules, and then choose Add my own rules and rule groups.
  6. Enter the following values to set up your rule:
    For Rule type, choose Rule Builder.
    For Name, enter a name to identify this rule.
    For Type, choose Rate-based rule.
    For Rate limit, enter a number between 100 and 20,000,000.
    For Evaluation window, select 1, 2, 5, or 10 minutes.
    For Request aggregation, choose Source IP Address.
    For Scope of inspection and rate limiting, choose Only consider requests that match the criteria in a rule statement.
    For If a request, choose Matches the statement.
    For Inspect, choose Single header.
    For Header field name, enter Host.
    For Match type, choose Exactly matching String.
    For String to match, enter example.com. Note: Replace example.com with your web address.
    (Optional) Choose a text transformation or choose None.
    For Action, choose Block.
  7. Choose Add rule.
  8. Choose Save.
AWS OFFICIAL
AWS OFFICIALUpdated 17 days ago