WAF rate based statement doesn't check the rate of requests every 30 seconds
According to AWS documentation, AWS WAF is supposed to assess the request rate from a specific IP every 30 seconds, factoring in requests from the previous 5 minutes. This implies that there might be a short interval of up to 30 seconds during which an aggregation instance could receive requests at an elevated rate before AWS WAF identifies and applies rate limiting.
In my experience, however, there seems to be a delay of 42 seconds before the rate-based statement becomes effective. This discrepancy from the anticipated behavior requires further investigation. My rule's configuration shows here:
I've provided a screenshot of my rate-based statement configuration for your reference [insert screenshot link]. Additionally, I've included a test video demonstrating the issue https://user-images.githubusercontent.com/15911068/266927216-4c0020b4-a75c-4aac-ad44-cfc35e73c277.mp4.
oha -n 2000 --burst-delay 2s --burst-rate 30 http://sapia-qa-1344606689.ap-southeast-2.elb.amazonaws.com
means to send 2000 HTTP requests to the specified URL, with bursts of 30 requests per second, and a 2-second delay between bursts.
Thank you for your assistance in resolving this matter.
- Newest
- Most votes
- Most comments
Hi Lance Li, the best way to get this feedback and troubleshooting to AWS teams it's through our support engineers. Have you opened a case already on this issue? If not, I would encourage to open it so the support team can engage and track it!
Thanks for all your hard work!
Relevant content
- Accepted Answerasked a year ago
- asked 5 months ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
