I have a CloudFront distribution for an EC2 HTTP server. I created a rate limit for my CloudFront distribution using WAF. In theory no IP address should be able to send more than 2,000 requests in any 5 minute period. But this just doesn't seem to work. I fired off 10,000 concurrent requests from my laptop (using a Go program) in <1 minute and all of them got through. I know they are reaching the EC2 origin because my HTTP server keeps a counter for requests.
Strangely, the WAF dashboard even recognizes that traffic exceeded the 5 minute limit:
Yet no IP blocking took place: 
And my EC2 server registered all 10,000 hits.
Am I missing some configuration subtlety? Or is there meant to be a long delay between when CloudFront registers the traffic spike and when it implements the IP block?
EDIT: A config picture: 
0 comments:
Post a Comment