
Is it possible to "dry run" WAF rate limiting rules?

0

I would like to use the rule based rate limiting feature of WAF.

I plan to use logging to monitor which traffic was blocked and adjust the rate limit or the rules when necessary.

However, before enabling a rule for the first time or after making a change, I would like to cautiously test the effect of the change with real-life traffic without blocking it. I would not like to accidentally block legitimate traffic and cause downtime.

I was wondering if an ACL can operate in a "dry run" mode, in which it will allow all traffic to pass but will send log as if it was blocked.

I was not able to find the correct AWS terminology for this kind of feature. If this is possible, could you guide me to the documentation that explains how to use it?

asked 9 months ago · 153 views
1 Answer
3
Accepted Answer

Hello.

By setting AWS WAF rules to count mode, you can check the logs for requests that match the rules without actually blocking them.
https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-action.html

Count – AWS WAF counts the request but does not determine whether to allow it or block it. This is a non-terminating action. AWS WAF continues processing the remaining rules in the web ACL. In rules that you define, you can insert custom headers into the request and you can add labels that other rules can match against.

EXPERT · answered 9 months ago
EXPERT · reviewed 9 months ago
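Two things a practitioner usually wants alongside that answer, as an added Python example that is not part of the original post: switching a rate-based rule's action to Count before deploying it, and reading the resulting WAF log lines to see which clients the rule would have blocked. The rule name, limit, IPs and log lines are constructed for the example; count-mode matches are read from the log's nonTerminatingMatchingRules field.

```python
import json
from collections import Counter

# Rate-based rule in the shape boto3's wafv2 create_web_acl / update_web_acl
# expects. The name, limit and metric name are hypothetical values for this example.
RATE_RULE = {
    "Name": "rate-limit-per-ip",
    "Priority": 0,
    "Statement": {"RateBasedStatement": {"Limit": 1000, "AggregateKeyType": "IP"}},
    "Action": {"Block": {}},
    "VisibilityConfig": {
        "SampledRequestsEnabled": True,
        "CloudWatchMetricsEnabled": True,
        "MetricName": "rate-limit-per-ip",
    },
}

def as_dry_run(rule):
    """Return a copy of the rule with its action switched from Block to Count."""
    dry = json.loads(json.dumps(rule))  # deep copy; the caller's dict is untouched
    dry["Action"] = {"Count": {}}
    return dry

def would_have_blocked(log_lines, rule_name):
    """Tally, per client IP, requests that a count-mode rule matched.
    Requests a terminating rule already blocked are skipped: they never got through anyway."""
    hits = Counter()
    for line in log_lines:
        record = json.loads(line)
        if record.get("action") == "BLOCK":
            continue
        for match in record.get("nonTerminatingMatchingRules", []):
            if match.get("ruleId") == rule_name and match.get("action") == "COUNT":
                hits[record["httpRequest"]["clientIp"]] += 1
    return hits

def _record(ip, action, non_terminating):
    """Build a constructed WAF log line carrying only the fields used above."""
    return json.dumps({"action": action, "httpRequest": {"clientIp": ip},
                       "nonTerminatingMatchingRules": non_terminating})

# Constructed sample log: two count hits from one IP, one clean request, one blocked elsewhere.
SAMPLE_LOGS = [
    _record("198.51.100.7", "ALLOW", [{"ruleId": "rate-limit-per-ip", "action": "COUNT"}]),
    _record("198.51.100.7", "ALLOW", [{"ruleId": "rate-limit-per-ip", "action": "COUNT"}]),
    _record("203.0.113.9", "ALLOW", []),
    _record("203.0.113.9", "BLOCK", [{"ruleId": "rate-limit-per-ip", "action": "COUNT"}]),
]
```

Once the tally over a representative window contains only clients you are prepared to block, redeploy the original rule with its Block action; until then the Count copy lets the same traffic through while the logs show what the rule would have done.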
