How to create a customized AWS WAF rate-based rule for a 1min time window?

0

I am new to AWS WAF. We have a use case where we need to block a certain amount of IPs within a 1min time window.

In brief: block the IP address/addresses for 10 minutes if we are getting more than 20 requests per minute. As per the current architecture, neither API Gateway nor Lambda is used. It is just a simple system with an ALB attached to the web ACL. So is there a way to implement the required solution? Can someone assist me?

1 Answer
1
Accepted Answer

AWS WAF rate-based rules can only determine access in 5 minutes.
So please consider installing a third party WAF.
https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-rate-based.html

The minimum rate that you can set is 100. AWS WAF checks the rate of requests every 30 seconds, and counts requests for the prior 5 minutes each time. Because of this, it's possible for an IP address to send requests at too high a rate for 30 seconds before AWS WAF detects and blocks it.

EXPERT
answered a year ago
  • Can't we implement an alternative solution? The client is strictly asking us to do this (they need this checked every 1min). Can you kindly assist, please?

  • Can't we create a custom JSON rule for this? Any possible solution rather than accepting the 5min time window solution?

  • I can't set a one-minute threshold, but what about lowering the threshold with a rate-based rule? For example, if the threshold is set to the lowest value of 100 accesses, the one-minute interval will allow only 20 accesses.

  • Yes, that's what we recommended. According to the default setup, WAF checks and calculates the requests for the last 5min, no? The client wants to calculate the last one minute. That's the requirement.

  • It is rare to have a use case where you want to block a certain amount of IP addresses at one-minute intervals...
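The following is an added example, not part of the original answer or comments. It models the behaviour quoted in the answer (a check every 30 seconds over the prior 5 minutes, limit 100) and compares it with the asker's requirement of more than 20 requests in any 1 minute. The function names and traffic patterns are constructed, and treating "over the limit" as a strict `>` is an assumption.

```python
from bisect import bisect_right

WINDOW_S = 300      # requests are counted for the prior 5 minutes (quoted in the answer)
CHECK_EVERY_S = 30  # the rate is checked every 30 seconds (quoted in the answer)
LIMIT = 100         # minimum limit quoted in the answer

def waf_first_block(timestamps, limit=LIMIT):
    """Time (s) of the first 30 s check where the 5 min count exceeds limit, else None."""
    ts = sorted(timestamps)
    if not ts:
        return None
    t = CHECK_EVERY_S
    while t <= ts[-1] + WINDOW_S:
        # Requests with t - 300 < timestamp <= t
        count = bisect_right(ts, t) - bisect_right(ts, t - WINDOW_S)
        if count > limit:  # assumption: block only when strictly over the limit
            return t
        t += CHECK_EVERY_S
    return None

def one_minute_first_violation(timestamps, per_minute=20):
    """Time (s) of the first request that puts more than per_minute requests
    into the trailing 60 s window (the asker's requirement), else None."""
    ts = sorted(timestamps)
    lo = 0
    for hi, t in enumerate(ts):
        while ts[lo] <= t - 60:
            lo += 1
        if hi - lo + 1 > per_minute:
            return t
    return None

def steady(rate_per_min, duration_s):
    """Constructed traffic: evenly spaced requests from a single IP."""
    n = rate_per_min * duration_s // 60
    return [i * 60.0 / rate_per_min for i in range(n)]

if __name__ == "__main__":
    scenarios = {
        "60 requests in 1 min, then silence": steady(60, 60),
        "30 req/min for 10 min": steady(30, 600),
        "20 req/min for 10 min": steady(20, 600),
    }
    for name, traffic in scenarios.items():
        print(f"{name}: 1-min rule trips at {one_minute_first_violation(traffic)} s, "
              f"5-min/100 rule blocks at {waf_first_block(traffic)} s")
```

With the lowered threshold suggested in the comments, a short burst that breaks the 1-minute requirement is never blocked, and sustained traffic above 20 requests per minute is blocked only minutes after the requirement was first exceeded.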
