Rate-based rule high-level settings - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

The rate-based rule statement uses the following high-level settings:

  • Rate limit – The maximum number of requests satisfying the criteria you provide that are allowed in a five-minute period. Above this number, AWS WAF limits the requests using the rule action setting. The minimum rate that you can set is 100. AWS WAF applies rate limiting near the limit that you set, but does not guarantee an exact limit match. For more information, see Request rate limiting.

  • Request aggregation – The aggregation criteria to use on the web requests that the rate-based rule counts and rate limits. For details, see Aggregation options and keys and Aggregation instances and counts.

  • (Optional) Forwarded IP configuration – This is only used if you specify IP address in header in your request aggregation, either alone or as part of the custom keys settings. AWS WAF retrieves the first IP address in the specified header and uses that as the aggregation value. A common header for this purpose is X-Forwarded-For, but you can specify any header. For more information, see Forwarded IP address.

  • Scope of inspection and rate limiting – You can narrow the scope of the requests that the rate-based statement tracks and rate limits by adding a scope-down statement. If you specify a scope-down statement, the rule only aggregates, counts, and rate limits requests that match the scope-down statement. If you choose the request aggregation option Count all, then the scope-down statement is required. For more information about scope-down statements, see Scope-down statements.

  • Action – The action to take on requests that the rule rate limits. You can use any rule action except Allow, and you can add custom handling and labeling to the actions as usual. For general information about rule actions, see Rule action. For information specific to rate limiting, see Request rate limiting.
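
As an added example (not part of the AWS documentation), the following Python check lints a rate-based rule in its JSON form against the constraints listed above, the kind of test that can run in CI before a web ACL change is deployed. The field names follow the AWS WAFV2 rule JSON as understood here; the rule names, the /login path and the sample limits are constructed.

```python
MIN_LIMIT = 100  # minimum rate stated on this page

def lint_rate_rule(rule):
    """Return findings for one rule dict; an empty list means no issue found."""
    stmt = rule.get("Statement", {}).get("RateBasedStatement")
    if stmt is None:
        return ["not a rate-based rule"]
    findings = []
    limit = stmt.get("Limit")
    if not isinstance(limit, int) or limit < MIN_LIMIT:
        findings.append(f"Limit must be an integer >= {MIN_LIMIT}")
    agg = stmt.get("AggregateKeyType")
    # "IP address in header" used alone, or as one of the custom keys
    uses_header_ip = agg == "FORWARDED_IP" or (agg == "CUSTOM_KEYS" and any(
        "ForwardedIP" in key for key in stmt.get("CustomKeys", [])))
    has_fwd_cfg = "ForwardedIPConfig" in stmt
    if uses_header_ip and not has_fwd_cfg:
        findings.append("header IP aggregation without ForwardedIPConfig")
    if has_fwd_cfg and not uses_header_ip:
        findings.append("ForwardedIPConfig set but no header IP aggregation")
    # CONSTANT is the API value for the "Count all" aggregation option
    if agg == "CONSTANT" and "ScopeDownStatement" not in stmt:
        findings.append("Count all requires a scope-down statement")
    if "Allow" in rule.get("Action", {}):
        findings.append("Allow is not usable as a rate-based rule action")
    return findings

# Constructed sample rules (names, path and limits are illustrative).
XFF_CFG = {"HeaderName": "X-Forwarded-For", "FallbackBehavior": "NO_MATCH"}
GOOD_RULE = {
    "Name": "login-rate-limit", "Priority": 1,
    "Statement": {"RateBasedStatement": {
        "Limit": 300, "AggregateKeyType": "FORWARDED_IP",
        "ForwardedIPConfig": XFF_CFG,
        "ScopeDownStatement": {"ByteMatchStatement": {
            "SearchString": "/login",
            "FieldToMatch": {"UriPath": {}},
            "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
            "PositionalConstraint": "STARTS_WITH"}}}},
    "Action": {"Block": {}}}
BAD_RULE = {
    "Name": "count-all-misconfigured", "Priority": 2,
    "Statement": {"RateBasedStatement": {
        "Limit": 50, "AggregateKeyType": "CONSTANT",
        "ForwardedIPConfig": XFF_CFG}},
    "Action": {"Allow": {}}}

for sample in (GOOD_RULE, BAD_RULE):
    print(sample["Name"], lint_rate_rule(sample) or "ok")
```

The second sample trips four checks at once: a limit below the minimum, a forwarded IP configuration that the aggregation never uses, Count all without a scope-down statement, and an Allow action.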