I'm running a pretty standard LAMP stack on AWS. ELB distributes traffic to a few EC2 Instances running the same application.
I have an issue where periodically I receive a huge spike in HTTP traffic from some of my customers. Is there a way (via WAF or something of this nature) to put in place throttling limits. Something akin to 'if IP X makes 1000 requests in 1 minute stop any further traffic from them for a period of time'?
Keep in mind it's not possible for me to know my customer's full range of IPs beforehand so a solution needs to be dynamic.
Any guidance on a best practice approach to this problem would be most gratefully received.
Best Answer
Naturally AWS has a WAF, with templates containing rate-based and other rules.
Or you could put your favorite WAF in front of this.