1 Resposta
- Mais recentes
- Mais votos
- Mais comentários
0
How long are you waiting before stopping the first test? While the rate is expressed per 5 minute period, you don't have to wait that long before WAF will start blocking requests. A source IP that has exceeded the configured rate is typically blocked within 30 to 60 seconds - so it's not immediate. The rate limit is also per source IP address, so you would need to make sure that all your requests originated from the same IP. Checking the Cloudwatch metrics may help you here.
Conteúdo relevante
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há um ano
- AWS OFICIALAtualizada há 2 anos
I tested it again with number of users (peak conccurency) 400 and spawn rate(users started/second) 5. After a one minute there are 2383 requests total and 965 requests were allowed and 1418 requests were forbidden. I have set rate limit 100 requests for 5 min in WAF and all source IP address is same. It needs to block all users requests after 100 requests. I couldn't figure what is the issue.