How to configure block duration for IP addresses rate limited by AWS WAF
This article explains how to configure custom block durations for IP addresses rate-limited by AWS WAF to prevent volumetric cyber attacks.
- Solution allows configuring block period for IP addresses that exceed rate-based rule thresholds
- Uses AWS CloudFormation to deploy resources including Lambda, EventBridge, and S3
- Key features:
  - Works with IPv4 and IPv6
  - Minimum block period is 6 minutes
  - Can block up to 10,000 IPs simultaneously
- Solution cost is approximately $2.18 per month
- Recommended to use alongside other security measures to protect web applications
The solution helps prevent malicious actors from reusing IP addresses to generate HTTP request floods by implementing a customizable IP blocking mechanism.