1 Answer
- Newest
- Most votes
- Most comments
1
Hi Techxonia!
This article explains how can you update WAF rules in real time: https://aws.amazon.com/blogs/security/automatically-updating-aws-waf-rule-in-real-time-using-amazon-eventbridge/
answered 2 years ago
Relevant content
- asked a year ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
Thank you for response and still confused to solve the issue that WAF takes about 30 sec to act according to rule action (as per documentation). another issue that I could not solve is https://repost.aws/questions/QUNQvDBuveTF655KQOTpxjfw/waf-didnt-block-requests-if-block-condition-matched-for-first-time
Summary of qn Using locust , I made WAF test on my application. I made a rate limit based rule to block IP if requests exceed 100 in a default 5 minute window. When I tested with concurrency 400 with spawn rate 40, then WAF doesnot block after total requests exceeds 100. But when I stop the test and make a new test in locust and then only WAF blocks that IP for 5 min .
I tested many times and found when I make a first locust test , WAF is not working even if condition meets. But it works if I stop that test and make a new test. My purpose of blocking through WAF seems not feasible since attacker can make attack with huge requests and that won't be blocked.
I have enabled WAF on API gateway.
Can I have idea on this?