
v1.487.0

@cloudposse-releaser cloudposse-releaser released this 20 Aug 18:47
f5c5a6f
Add Scoped Rate Limits and Bot Control Machine Learning to WAF Component @RoseSecurity (#1103)

what

  • Added the enable_machine_learning parameter inside the aws_managed_rules_bot_control_rule_set configuration
  • Added scope_down_statements with byte-matching support

why

  • AWS highly recommends safeguarding against HTTP request floods; it advises implementing two rate-limiting rules for web traffic. The initial rule employs AWS WAF's rate-based rules to automatically block IP addresses of malicious actors if the number of requests in a 5-minute sliding window surpasses a predefined threshold. The second rule focuses on a more detailed approach, allowing for targeted blocking. This is achieved by using scope_down_statements to refine the criteria for blocking, enhancing the precision of the defense mechanism.
  • Added the enable_machine_learning argument to avoid an idempotency problem when using the "COMMON" inspection level

example

(screenshot: scoped_rule)

testing

Utilized the following example Atmos component:

```yaml
rate_based_statement_rules:
  - name: "scoped-rate-limit"
    action: "block"
    priority: 10
    statement:
      limit: 1000
      aggregate_key_type: "IP"
      evaluation_window_sec: 300
      scope_down_statement:
        byte_match_statement:
          field_to_match:
            uri_path: true
          positional_constraint: "STARTS_WITH"
          search_string: "/test"
          text_transformation:
            - priority: 0
              type: "NONE"
```
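To make the semantics of the scoped rule above concrete, the following is an added simulation (not code from the cloudposse component or from AWS) of a per-IP sliding-window counter that only counts, and only blocks, requests matching the byte_match scope-down statement; the rule parameters are taken from the example configuration and the request traffic is constructed.

```python
from collections import defaultdict, deque

# Rule parameters copied from the example component configuration.
LIMIT = 1000
EVALUATION_WINDOW_SEC = 300
SEARCH_STRING = "/test"
POSITIONAL_CONSTRAINT = "STARTS_WITH"


def byte_match(uri_path, constraint, needle):
    """byte_match_statement against uri_path with text_transformation NONE."""
    checks = {
        "STARTS_WITH": uri_path.startswith(needle),
        "ENDS_WITH": uri_path.endswith(needle),
        "CONTAINS": needle in uri_path,
        "EXACTLY": uri_path == needle,
    }
    return checks[constraint]


def evaluate(requests, limit=LIMIT, window=EVALUATION_WINDOW_SEC):
    """requests: (timestamp_sec, source_ip, uri_path) tuples in time order.
    Returns one action per request. Requests outside the scope-down statement
    are neither counted toward the limit nor blocked by this rule."""
    recent = defaultdict(deque)  # source_ip -> timestamps of counted requests
    actions = []
    for ts, ip, path in requests:
        if not byte_match(path, POSITIONAL_CONSTRAINT, SEARCH_STRING):
            actions.append("ALLOW")
            continue
        q = recent[ip]
        while q and ts - q[0] >= window:  # expire requests outside the window
            q.popleft()
        q.append(ts)
        actions.append("BLOCK" if len(q) > limit else "ALLOW")
    return actions


def demo():
    """Constructed traffic: 10.0.0.1 floods /test/login while also polling
    /healthz; 10.0.0.2 sends the same volume to /api, outside the scope-down.
    Returns (blocked request count, blocked IPs, blocked paths)."""
    reqs = []
    for i in range(1200):  # 1200 requests each over 120 s, inside the window
        t = i * 0.1
        reqs += [(t, "10.0.0.1", "/test/login"), (t, "10.0.0.1", "/healthz"),
                 (t, "10.0.0.2", "/api/items")]
    blocked = [r for r, a in zip(reqs, evaluate(reqs)) if a == "BLOCK"]
    ips, paths = {r[1] for r in blocked}, {r[2] for r in blocked}
    return len(blocked), sorted(ips), sorted(paths)
```

Only the flooding IP's /test requests beyond the limit are blocked; its /healthz polling and the other IP's /api traffic pass this rule untouched. Real AWS WAF evaluates the counts on a schedule rather than per request, so enforcement lags slightly behind this idealized model.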

references