WAF rate based statement doesn't check the rate of requests every 30 seconds

0

According to AWS documentation, AWS WAF is supposed to assess the request rate from a specific IP every 30 seconds, factoring in requests from the previous 5 minutes. This implies that there might be a short interval of up to 30 seconds during which an aggregation instance could receive requests at an elevated rate before AWS WAF identifies and applies rate limiting.

In my experience, however, there seems to be a delay of 42 seconds before the rate-based statement becomes effective. This discrepancy from the anticipated behavior requires further investigation. My rule's configuration shows here: Enter image description here

I've provided a screenshot of my rate-based statement configuration for your reference [insert screenshot link]. Additionally, I've included a test video demonstrating the issue https://user-images.githubusercontent.com/15911068/266927216-4c0020b4-a75c-4aac-ad44-cfc35e73c277.mp4. oha -n 2000 --burst-delay 2s --burst-rate 30 http://sapia-qa-1344606689.ap-southeast-2.elb.amazonaws.com means to send 2000 HTTP requests to the specified URL, with bursts of 30 requests per second, and a 2-second delay between bursts.

Thank you for your assistance in resolving this matter.

asked 9 months ago383 views
1 Answer
0

Hi Lance Li, the best way to get this feedback and troubleshooting to AWS teams it's through our support engineers. Have you opened a case already on this issue? If not, I would encourage to open it so the support team can engage and track it!

Thanks for all your hard work!

AWS
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions