Aws-Waf-Header-Analyzer – The Purpose Of The Project Is To Create Rate Limit In AWS WaF Based On HTTP Headers

The purpose of the project is to create rate limit in AWS WaF based on HTTP headers.

Golang is a dependencie to build the binary. See the documentation to install: https://go.dev/doc/install

make
sudo make install

The rules configuration is very simple, for example, the threshold is the limited of the requests in X time. It’s possible to monitoring multiples headers, but, the header needs to be in HTTP Request header log.

rules:
header:
x-api-id: # The header name in HTTP Request header
threshold: 100

token:
threshold: 1000

It’s possible send notifications to Slack and Telegram. To configure slack notifications, you needs create a webhook configuration, see the slack documentation: https://api.slack.com/messaging/webhooks

Telegram bot father: https://t.me/botfather

notifications:
slack:
webhook-url: https://hooks.slack.com/services/DA2DA13QS/LW5DALDSMFDT5/qazqqd4f5Qph7LgXdZaHesXs

telegram:
bot-token: “123456789:NNDa2tbpq97izQx_invU6cox6uarhrlZDfa”
chat-id: “-4128833322”

To set up AWS credentials, it’s advisable to export them as environment variables. Here’s a recommended approach:

export AWS_ACCESS_KEY_ID=”..”
export AWS_SECRET_ACCESS_KEY=”..”
export AWS_REGION=”us-east-1″

retrive-logs-minutes-ago is the time range you want to fetch the logs, in this example, logs from 1 hour ago.

aws:
waf-log-group-name: aws-waf-logs-cloudwatch-cloudfront
region: us-east-1
retrive-logs-minutes-ago: 60
Download Aws-Waf-Header-Analyzer