Hello.
How about blocking access to "/services/payway/planselector" using AWS WAF rules?
It is possible to create a custom rule to inspect URL paths and block all rules that do not match.
https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-uri-path
Also, although it costs a fee, AWS Shield Advanced can be used as a countermeasure against DDoS attacks.
https://docs.aws.amazon.com/waf/latest/developerguide/shield-chapter.html
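As an added example (not code from the answer above), here is the shape of such a path-blocking rule for AWS WAFv2, with an offline check of which path spellings it catches and the boto3 call that installs it; it assumes a REGIONAL web ACL already associated with the API Gateway stage, the ACL name and id as inputs, and AWS credentials in the environment.

```python
"""Added example: a WAFv2 rule that blocks requests to one URI path, plus the
update call that installs it. Assumes a REGIONAL web ACL and AWS credentials."""
from posixpath import normpath
from urllib.parse import unquote

BLOCKED_PATH = "/services/payway/planselector"  # path quoted in the answer above


def build_block_path_rule(path: str, priority: int, name: str = "BlockPlanSelectorPath") -> dict:
    """Rule blocking any request whose URI path starts with `path`.
    URL_DECODE and NORMALIZE_PATH run before the comparison, so encoded or
    dot-segment spellings of the same path do not slip past the rule."""
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {
            "ByteMatchStatement": {
                "SearchString": path.encode(),  # boto3 expects bytes for this blob field
                "FieldToMatch": {"UriPath": {}},
                "TextTransformations": [
                    {"Priority": 0, "Type": "URL_DECODE"},
                    {"Priority": 1, "Type": "NORMALIZE_PATH"},
                ],
                "PositionalConstraint": "STARTS_WITH",
            }
        },
        "Action": {"Block": {}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": name,
        },
    }

def would_block(rule: dict, uri_path: str) -> bool:
    """Offline approximation of the rule's match, to try path variants before deploying."""
    stmt = rule["Statement"]["ByteMatchStatement"]
    return normpath(unquote(uri_path)).startswith(stmt["SearchString"].decode())

def install_rule(acl_name: str, acl_id: str, rule: dict, scope: str = "REGIONAL") -> None:
    """Append `rule` to the web ACL; update_web_acl replaces the whole rule list."""
    import boto3  # imported here so the functions above work without AWS access
    waf = boto3.client("wafv2")
    acl = waf.get_web_acl(Name=acl_name, Scope=scope, Id=acl_id)
    kept = [r for r in acl["WebACL"]["Rules"] if r["Name"] != rule["Name"]]
    if any(r["Priority"] == rule["Priority"] for r in kept):
        raise ValueError("priority already used by another rule in this web ACL")
    waf.update_web_acl(Name=acl_name, Scope=scope, Id=acl_id, LockToken=acl["LockToken"],
                       DefaultAction=acl["WebACL"]["DefaultAction"], Rules=kept + [rule],
                       VisibilityConfig=acl["WebACL"]["VisibilityConfig"])
```

Once installed, the rule's CloudWatch metric and sampled requests show how much of the unwanted traffic it is absorbing.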
You said you have enabled WAF on your API Gateway endpoint. Have you added some rules to it? Try adding some AWS Managed rules that are free of cost (compared to vendor-managed ones). There are AWS Managed rules that cover the OWASP Top 10 risks. However, you still have to add your custom rules, like filtering on domain origins (RegEx), source IP addresses (using IP Sets), etc., to harden your firewall further. Check this reference: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html
Using the WAF rule did the job. Thank you. Looks like the requests are coming from the AWS network, and targeting this host: aws-us-east-2-mexico-cvideo-mfw-ott-berc.kb-mexico-aws-us-east-2.pool.clarovideo.net. Should I report this incident to the AWS support team? What do you think?

I looked into the domain "clarovideo.net", but I think it's probably not a domain used by AWS. I thought it was another domain pretending to be from AWS. You may want to report this to AWS Support as it may be an attack. https://webwhois.verisign.com/webwhois-ui/index.jsp?language=#