Posted On: Jul 20, 2023
AWS WAF now supports URI path as an aggregation key for rate-based rules, providing customers with enhanced control and simplicity in managing request rates for URI paths. With this feature, customers can track request rates for any URI path and apply rule actions based on the number of requests received.
Customers could already use rate-based rules to take a rule action such as Block or Captcha until the rate of requests falls below a customer-defined threshold. Previously, customers had to use scope down statements to specify URIs for rate limiting. It required explicit URI definitions in the rule configuration, which was inconvenient for customers that wanted to protect multiple URI paths with a single rule. Now, customers can track request rates for any URI path without the need for additional scope down statements. For instance, customers can now simply create a rule to block users that initiate too many requests to any of the website's URI paths. Customers can further refine rate-based rules by using WAF match conditions or additional request aggregation keys.
There is no additional cost for using this feature, however standard AWS WAF charges still apply. For more information about pricing, visit the AWS WAF Pricing page. This feature is available in all AWS regions except the AWS GovCloud (US), Zurich (Europe), Spain (Europe), Hyderabad (Asia Pacific), Melbourne (Australia), Ningxia (China), and Beijing (China) Regions. Support for these regions is expected later. To learn more, see the AWS WAF developer guide. For more information about the service, visit the AWS WAF page.