Troubleshoot with WAF WebACL log

Hi,

In our WebACL log, we keep seeing requests to our ALB from different countries but targeting the same host ip address in the request header. This ip seems to belong to AWS. Is there a way to find out what endpoint the requests are trying to reach? How did the spammers get the endpoints? And what can I do to protect our endpoints? Thanks.

romerogt
4 months ago
Wich field of the WebACL log are you considering that tells you "targeting he same host" ?

Topics

Security, Identity, & Compliance

Relevant content

AWS WAF - Blocking excessive requests from one IP address
AWS-User-8443772
asked 2 months ago
WAFv2 Apply Kinesis Data Firehouse logging to WebACL in CloudFormation
ChrisAC
asked 4 years ago
WebACL/WAF rules for multi-tenant SaaS application
robtimism
asked 9 months ago
real world experience with WAF WebACL anomaly detection
atiu
asked 2 years ago
How do I allow a legitimate IP address when using the IP reputation list or anonymous IP list in AWS WAF?
AWS OFFICIALUpdated 2 years ago
How do I analyze AWS WAF logs in Amazon Athena?
AWS OFFICIALUpdated 3 months ago
How do I capture client IP addresses in the web server logs behind an ELB?
AWS OFFICIALUpdated 2 years ago
How can I use an Application Load Balancer to route requests based on the source IP address?
AWS OFFICIALUpdated a year ago
How to customize audit logs in OpenSearch to see which queries were run by users?
EXPERT
Cathy W
published 2 months ago
AWS WAF & ALB One-Click Integration
EXPERT
Aanchal Agrawal
published 3 months ago