我目前正在尝试使用 S3 静态网站、API Gateway 和 AWS Lambda 设计一个无服务器应用程序。我想公开这个网站,所以每个用户没有 API key 。
我想防止将这些端点滥用到非常低的水平,例如每 5 秒对给定公共(public) IP 发出 1 个请求。
是否可以使用 AWS Shield 或在任何这些服务中?
最佳答案
来自 AWS Announces Rate-Based Rules for AWS WAF :
AWS today announced Rate-based Rules for AWS WAF. This new rule type protects customer websites and APIs from threats such as web-layer DDoS attacks, brute force login attempts and bad bots. Rate Based Rules are automatically triggered when web requests from a client exceed a certain configurable threshold.
With Rated-based Rules customers can also block future requests from a client trying to send large volume of requests to certain parts of their website like the login page. Customer can also integrate this new rule with CloudWatch Alarms and AWS Lambda to take custom action on clients making unusually high calls against their API endpoints. Customers can also use Rate-Based Rules to mitigate unwanted bots by combining the Rate-based rule with a condition to identify specific malicious user agents’ associated with bad bots.
关于amazon-web-services - 如何通过 IP 限制 AWS Lambda 或 API Gateway?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56451555/