AWS WaF HTTP header analyzer | The Purpose Of The Project Is To Create Rate Limit In AWS WaF Based On HTTP Headers
Building and install
Golang is a dependencie to build the binary. See the documentation to install: https://go.dev/doc/install 1make sudo make install
Rules
The rules configuration is very simple, for example, the threshold is the limited of the requests in X time. It’s possible to monitoring multiples headers, but, the header needs to be in HTTP Request header log.Config example
rules: header: x-api-id: # The header name in HTTP Request header threshold: 100 token: threshold: 1000Notifications
It’s possible send notifications to Slack and Telegram. To configure slack notifications, you needs create a webhook configuration, see the slack documentation: https://api.slack.com/messaging/webhooksTelegram bot father: https://t.me/botfather
Config example
notifications: slack: webhook-url: https://hooks.slack.com/services/DA2DA13QS/LW5DALDSMFDT5/qazqqd4f5Qph7LgXdZaHesXs telegram: bot-token: “123456789:NNDa2tbpq97izQx_invU6cox6uarhrlZDfa” chat-id: “-4128833322”AWS
Credentials
To set up AWS credentials, it’s advisable to export them as environment variables. Here’s a recommended approach:export AWS_ACCESS_KEY_ID=“…” export AWS_SECRET_ACCESS_KEY=“…” export AWS_REGION=“us-east-1”
Log group
retrive-logs-minutes-ago is the time range you want to fetch the logs, in this example, logs from 1 hour ago.aws: waf-log-group-name: aws-waf-logs-cloudwatch-cloudfront region: us-east-1 retrive-logs-minutes-ago: 60
