AWS WAF - Prebid Server Deployment on AWS

Blocked requests HTTP flood detected Allowed requests

AWS WAF

Blocked requests

The alarm changes state if there is a large amount of blocked requests (greater than 75% of requests are blocked) within 1 minute.
This alarm indicates that there is something wrong with the requests passing through the WAF or there could be malicious requests in the traffic.
The alarm returns to the OK state if the data is within the acceptable threshold for 5 minutes.
Metric: BlockedRequests > 75%

HTTP flood detected

The alarm changes state if there is an HTTP flood attack detected within a 1-minute period.
The alarm returns to the OK state if the data is within the acceptable threshold for 5 minutes.
If detailed WAF logging is enabled, it will log the HTTP flood requests in the chosen destination. A datapoint will be logged in the CloudWatch metrics for the rule.
Metric: HttpFloodDetected > 0

Allowed requests

The alarm changes state if there is an anomaly in traffic with a high number of allowed requests within 1 minute.
This alarm indicates a spike or burst in traffic.
The alarm returns to the OK state if the data is within the acceptable threshold for 5 minutes.
The alarm is an anomaly alarm and will form the threshold based on the previous history of the metric.
Metric: AllowedRequests anomaly

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Traffic monitoring

CloudFront