Posted On: Mar 4, 2024

AWS WAF now supports configurable evaluation time windows for request aggregation with rate-based rules. Customers can now select time windows of 1 minute, 2 minutes or 10 minutes, in addition to the previously supported 5 minutes.

Customers could already use AWS WAF rate-based rules to count incoming requests and rate limit requests when they are breaching the specified rate threshold. Previously, AWS WAF used a fixed 5 minute window when aggregating requests to evaluate rules. Now, in addition to the existing 5 minute window, customers can select 1 minute, 2 minutes, or 10 minute time windows for request aggregation. A shorter evaluation window may be better for quickly detecting and blocking spikes for high traffic applications, while a longer window may be more suitable for less frequently accessed applications.

To use the new configurable time window, set the ‘Evaluation window’ setting in your rate-based rules. For customers with existing rate-based rules, the default value remains unchanged at 5 minutes. To customize it, select a different value of 1, 2, 5, or 10 minutes and save your rule. To learn more, see the AWS WAF developer guide. There is no additional cost for using this feature, however standard AWS WAF charges still apply. For details, visit the AWS WAF Pricing page.

This feature is available in all AWS regions except the AWS GovCloud (US), Tel Aviv (Israel ), Zurich (Europe), Spain (Europe), Hyderabad (Asia Pacific), and Melbourne (Australia) Regions. Support for these regions is expected later.