I'm running a pretty standard LAMP stack on AWS. ELB distributes traffic to a few EC2 Instances running the same application.

I have an issue where periodically I receive a huge spike in HTTP traffic from some of my customers. Is there a way (via WAF or something of this nature) to put in place throttling limits? Something akin to 'if IP X makes 1000 requests in 1 minute stop any further traffic from them for a period of time'?

Keep in mind it's not possible for me to know my customer's full range of IPs beforehand so a solution needs to be dynamic.

Any guidance on a best practice approach to this problem would be most gratefully received.

Drongo

1 Answer

Naturally AWS has a WAF, with templates containing rate-based and other rules.

Or you could put your favorite WAF in front of this.

John Mahowald
  • This link is more helpful https://docs.aws.amazon.com/waf/latest/developerguide/ddos-get-started-rate-based-rules.html – Tim Jun 10 '19 at 19:10
  • Apparently in this space AWS has WAF and Shield Advanced products, and they duplicate explanation of rate-based rules. I don't know the products well enough to explain the difference. – John Mahowald Jun 11 '19 at 03:28
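
A rate-based rule of the kind the answer refers to, written for the threshold in the question (1000 requests per source IP in one minute). This is an added example, not part of the original answer or comments. It assumes the current AWS WAF (WAFv2) rule JSON format and a web ACL associated with an Application Load Balancer; the rule name and metric name are hypothetical.

```json
{
  "Name": "example-per-ip-throttle",
  "Priority": 0,
  "Statement": {
    "RateBasedStatement": {
      "Limit": 1000,
      "EvaluationWindowSec": 60,
      "AggregateKeyType": "IP"
    }
  },
  "Action": {
    "Block": {}
  },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "example-per-ip-throttle"
  }
}
```

AWS WAF tracks source IPs dynamically, so no customer address list is needed, and it has no separate block-duration setting: an IP stays blocked while its request rate is above the limit and is released once the rate falls back below it. Changing `Action` to `{"Count": {}}` first lets the CloudWatch metric show which customers would be throttled before any traffic is dropped.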