Using Aws Waf Security Automation's cloudformation template, I have created webacl where HTTPFloodrate based rule is defined for 100 requests per 5 min. Error threshold is set to 10 for maximum acceptable requests per FIVE-minute period per IP address. I set the period (in minutes) as 1500 to block applicable IP addresses using rule Activate Scanners & Probes Protection or HTTP Flood Lambda.
When I made a load test from single IP and made 1000 requests in min. All 1000 requests throws 403 error but Scanner and Probe Rule seems don't work. According to Scanner rule, should not it block after 10 requests per IP? Only HTTP based rule worked after 30-35 seconds (after 300-400 requests)
AWS 官方已更新 2 年前