By using AWS re:Post, you agree to the Terms of Use

Block IP address permanently if WAF blocks IP programmatically

0

How to block IP address permanently if WAF blocks request of that IP after matching a rate limit rule. Currently , I see manually listing that IP adresses in IP set details under AWS Waf. Instead of manually inserting that blocked IP address, how to make automatic list of blocked IP addresses once WAF blocks it.

1 Answer
1

Hi Techxonia!

This article explains how can you update WAF rules in real time: https://aws.amazon.com/blogs/security/automatically-updating-aws-waf-rule-in-real-time-using-amazon-eventbridge/

answered 8 months ago
  • Thank you for response and still confused to solve the issue that WAF takes about 30 sec to act according to rule action (as per documentation). another issue that I could not solve is https://repost.aws/questions/QUNQvDBuveTF655KQOTpxjfw/waf-didnt-block-requests-if-block-condition-matched-for-first-time

    Summary of qn Using locust , I made WAF test on my application. I made a rate limit based rule to block IP if requests exceed 100 in a default 5 minute window. When I tested with concurrency 400 with spawn rate 40, then WAF doesnot block after total requests exceeds 100. But when I stop the test and make a new test in locust and then only WAF blocks that IP for 5 min .

    I tested many times and found when I make a first locust test , WAF is not working even if condition meets. But it works if I stop that test and make a new test. My purpose of blocking through WAF seems not feasible since attacker can make attack with huge requests and that won't be blocked.

    I have enabled WAF on API gateway.

    Can I have idea on this?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions