How to add a rate limit rule by URL

Question

I want to add a rate limit rule that forces a captcha when the limit is reached.  I want to limit this for any user who is accessing a URL which contains the word "product" in the url.

I set something up like this and want to confirm if this is correct?

Request aggregation
Count all
Rate limit
100
Scope-down statement
Field to match
URI path
Positional constraint
Contains string
Search string
/product
Text transformations
Lowercase (Priority 0)

Answer

Your concept is correct. Would recommend that you capture the WAF logs to an S3 bucket and setup a table in Athena to run queries to help validate your custom WAF rules. More details are available in this blog [3 most important AWS WAF Rate Based Rules](https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/)

How to add a rate limit rule by URL

相關內容