Spammy log with 404 errors in ECS Fargate with ALB

Question

After creating the service and configuring load balancing, I am seeing weird GET requests that are super spammy (100+ per minute) resulting in 404 error. I initially thought this was from healthcheck but I am seeing successful healthcheck in the log with 200 response.

Other than this, my service is working normally. How do I track down what this is and how to get rid of it?

Log message I am seeing:

`INFO: 172.31.79.147:58948 - "GET /predictions?filter[stop]=17096&sort=departure_time&api_key= HTTP/1.1" 404 Not Found`

Accepted Answer

Hello.

How about enabling the "X-Forwarded-For" header in ALB and checking the global IP of the access source in the web server log?  
If you can identify the global IP address of the access source, it may be a good idea to block it using AWS WAF and see what happens.  
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/x-forwarded-headers.html#x-forwarded-for

I also think it would be a good idea to enable ALB access logs to determine attacks.  
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html

If you can determine that it is an attack, please try setting up AWS WAF etc.  
https://docs.aws.amazon.com/waf/latest/developerguide/getting-started.html

Answer

As its a Query in the URL request, then this will appear in the ALB logs. If you have not enabled ALB logging then enabling will help you locate the source of the request. Query the ALB logs with Athena https://docs.aws.amazon.com/athena/latest/ug/application-load-balancer-logs.html

The 404 is being returned by your Fargate service thats running. It cant find the page requested.

Spammy log with 404 errors in ECS Fargate with ALB

Relevant content