How to create customize AWS WAF Rate-based rule for 1min time window?


I am new to AWS WAF, we have use case where we need to block certain amount of IPs within a 1min time window ?

in breif : IP address/addresses block for 10 minutes if we are getting more than 20 Requests per minute. As per the current architecture , none of API GATEWAY/LAMBDA are used. It just a simple system and ALB being attached to the WEB is there a way to implement required solution , can someone assist me?


AWS WAF rate-based rules can only determine access in 5 minutes.
So please consider installing a third party WAF.

The minimum rate that you can set is 100. AWS WAF checks the rate of requests every 30 seconds, and counts requests for the prior 5 minutes each time. Because of this, it's possible for an IP address to send requests at too high a rate for 30 seconds before AWS WAF detects and blocks it.

profile picture
回答済み 1年前
  • Cant we implement a alternative solution , because client strictly asking us to do this (they need this to check every 1min), can you kindly assist please?

  • Cant we create custom Jason rule for this? any possible solution rather accepting 5min time window solution?

  • I can't set a one-minute threshold, but what about lowering the threshold with a rate-based rule? For example, if the threshold is set to the lowest value of 100 accesses, the one-minute interval will allow only 20 accesses.

  • yes that's what we recommended, according to the by default set up, waf checks and calculate the requests for last 5min noh. client wants to calculate last one minute. that's the requirement

  • It is rare to have a use case where you want to block a certain amount of IP addresses at one-minute intervals...

ログインしていません。 ログイン 回答を投稿する。