WAF didn't block requests when the block condition matched for the first time

0

Using locust, I made a WAF test on my application. I made a rate-limit-based rule to block an IP if its requests exceed 100 in the default 5-minute window. When I tested with concurrency 400 and spawn rate 40, the WAF does not block after the total requests exceed 100. But when I stop the test and start a new test in locust, only then does the WAF block that IP for 5 min.

I tested many times and found that when I run a first locust test, the WAF is not working even if the condition is met. But it works if I stop that test and start a new one. My purpose of blocking through the WAF seems not feasible, since an attacker can attack with a huge number of requests and that won't be blocked.

I have enabled WAF on API Gateway.

Asked 2 years ago · 1272 views
1 answer
0

How long are you waiting before stopping the first test? While the rate is expressed per 5-minute period, you don't have to wait that long before WAF will start blocking requests. A source IP that has exceeded the configured rate is typically blocked within 30 to 60 seconds, so it's not immediate. The rate limit is also per source IP address, so you would need to make sure that all your requests originated from the same IP. Checking the CloudWatch metrics may help you here.

AWS
Expert
Paul_L
Answered 2 years ago
  • I tested it again with number of users (peak concurrency) 400 and spawn rate (users started/second) 5. After one minute there were 2383 requests in total; 965 requests were allowed and 1418 requests were forbidden. I have set a rate limit of 100 requests per 5 min in WAF and all source IP addresses are the same. It needs to block all users' requests after 100 requests. I couldn't figure out what the issue is.
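As an added example for this thread (it is not code from the question, the answer, or AWS), here is a small Python model of a rate-based rule whose block/allow decision is refreshed only every `eval_interval` seconds instead of on every request. The refresh period (30 s, the low end of the delay the answer describes), the constant-rate load and the IP addresses are assumptions made for illustration; the page does not describe AWS's actual evaluation mechanism. Comparing an immediately enforced rule with a 30-second refresh shows why a first run can let hundreds of requests through before any 403 appears, and why spreading the same load over several source IPs can keep every IP under the limit.

```python
"""Illustrative model of a rate-based WAF rule with delayed enforcement.

Assumptions (not AWS's implementation): requests are counted per source
IP over a trailing window, but the block decision is only refreshed every
`eval_interval` seconds. Between refreshes, an IP that is already over
the limit keeps receiving ALLOW.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class RateRuleModel:
    limit: int = 100               # requests per window per IP
    window: float = 300.0          # 5-minute window, as in the question
    eval_interval: float = 30.0    # assumed enforcement refresh period
    _hist: dict = field(default_factory=lambda: defaultdict(deque), init=False)
    _blocked: set = field(default_factory=set, init=False)
    _next_eval: float = field(default=0.0, init=False)

    def _count(self, ip: str, now: float) -> int:
        """Number of requests from `ip` inside the trailing window."""
        q = self._hist[ip]
        while q and q[0] <= now - self.window:
            q.popleft()
        return len(q)

    def _refresh(self, now: float) -> None:
        """Re-evaluate every IP: block if over the limit, unblock otherwise."""
        for ip in list(self._hist):
            if self._count(ip, now) > self.limit:
                self._blocked.add(ip)
            else:
                self._blocked.discard(ip)
        self._next_eval = now + self.eval_interval

    def request(self, ip: str, now: float) -> str:
        """Record one request at time `now` (seconds) and return ALLOW or BLOCK."""
        self._hist[ip].append(now)        # blocked requests still count
        if now >= self._next_eval:
            self._refresh(now)
        return "BLOCK" if ip in self._blocked else "ALLOW"


def run_load(model: RateRuleModel, rps: int, duration: float,
             ips: tuple = ("203.0.113.10",)):
    """Constant-rate load of `rps` requests/second for `duration` seconds,
    spread round-robin over `ips` (constructed sample addresses).
    Returns (allowed, blocked, time_of_first_block)."""
    allowed = blocked = 0
    first_block = None
    for i in range(int(rps * duration)):
        t = i / rps
        ip = ips[i % len(ips)]
        if model.request(ip, t) == "ALLOW":
            allowed += 1
        else:
            blocked += 1
            if first_block is None:
                first_block = t
    return allowed, blocked, first_block


if __name__ == "__main__":
    # 40 requests/s from one IP for 60 s: 2400 requests, limit 100 per 5 min.
    print("immediate enforcement:", run_load(RateRuleModel(eval_interval=0.0), 40, 60))
    print("30 s refresh, one IP:  ", run_load(RateRuleModel(eval_interval=30.0), 40, 60))
    many = tuple(f"203.0.113.{n}" for n in range(20))
    print("30 s refresh, 20 IPs:  ", run_load(RateRuleModel(eval_interval=30.0), 40, 60, many))
```

With immediate enforcement the 101st request is the first one blocked (at 2.5 s); with a 30-second refresh the first 1200 requests are allowed and only then does everything from that IP get blocked; with the same load spread across 20 IPs, no IP passes 100 requests before the end of the minute and nothing is blocked at all. To see what the real rule did, compare the test against the `AWS/WAFV2` CloudWatch metrics (`AllowedRequests` and `BlockedRequests` with the `Rule` dimension) and against `aws wafv2 get-rate-based-statement-managed-keys`, which lists the IPs the rule is currently rate-limiting.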
