- Newest
- Most votes
- Most comments
Q. Does AWS WAF Detects and log HTTP Flood logs?
If detailed WAF logging is enabled, WAF will log the HTTP flood requests just like any other incoming requests in the destination that you choose.
Q. If this rule is breached then what will happen? Will it log somewhere?
If the rule is breached:
- You will be able to find a datapoint in the CW metrics for WAF for the rate based rule.
- You will be able to list the IPs blocked by this rule by running the CLI command described here
Q. Is there any link to find an example log for HTTP Flood logs and the rule is breached?
You can run this CW insights query to filter by requests blocked by a rate-based rule:
fields @timestamp, httpRequest.clientIp, terminatingRuleId, httpRequest.country,@message
| filter terminatingRuleType ="RATE_BASED" ## and webaclId = "arn:aws:wafv2:us-east-1:xxxxxxxx:regional/webacl/waf-test/abcdefghijkl" ## uncomment to filter for specific WebACL
| sort requestCount desc
You can find the other sample queries here
Hello,
You gonna find an excellent content for your question in the blog post The three most important AWS WAF rate-based rules with the most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, and how to implement these rules.
The AWS's Shield Response Team (SRT) has learned from helping customers respond to HTTP floods and this blog post show how all AWS WAF customers can benefit from these learnings.
Hope it helps,
Relevant content
- asked a year ago
- asked a year ago
- asked a year ago
- asked 2 years ago
AWS OFFICIALUpdated 8 months ago- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 9 months ago
