How to Configure Rate Limiting on Your Firewall to Prevent Attacks

Rate limits can be set on a firewall in various ways, depending on the type of firewall you are using. Common options include the following.

IPTables (for a Linux-based firewall)

You can use IPTables to set rate limits per source IP address. Place these rules before the rule that accepts traffic to port 80:

# Reject a source IP that holds more than 25 concurrent connections to port 80
sudo iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 25 -j REJECT
# Record every new connection to port 80 from each source IP ...
sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m recent --set
# ... and drop new connections once a source has made 25 within the last 60 seconds
sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 25 -j DROP
NGINX

NGINX can set rate limits using limit_req_zone and limit_req:

http {
    # Track the request rate per client IP: 10 MB of shared state, 1 request/second allowed
    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

    server {
        location / {
            # Queue up to 5 excess requests; anything beyond that is rejected
            limit_req zone=one burst=5;
            # Status code returned for rejected requests (the default is 503)
            limit_req_status 429;
            # Requests that pass the limit are forwarded to the upstream
            proxy_pass http://backend;
        }
    }
}
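The IPTables and NGINX snippets above configure two different policies: a hit counter over a trailing window (the `recent` match) and a leaky bucket with a queue (`limit_req` with `burst`). The following is an added example, not code from the article or from either project: it re-implements both decision rules in simplified form and runs them over a constructed trace containing one browsing client and one flood, so the difference in what each policy lets through is visible. The IP addresses, timings and request counts are constructed; `connlimit` (a cap on concurrent connections) is not modelled.

```python
"""Simulate two of the rate-limit policies configured above on one request trace.

Added example (not from the article). Simplified re-implementations of:
  * RecentWindowLimiter ~ iptables `-m recent --set` followed by
                          `--update --seconds 60 --hitcount 25 -j DROP`
  * LeakyBucketLimiter  ~ nginx `limit_req_zone ... rate=1r/s` with
                          `limit_req burst=5` (no `nodelay`)
"""
from collections import defaultdict, deque


class RecentWindowLimiter:
    """Per-source hit counter over a trailing window (iptables `recent` style)."""

    def __init__(self, window_ms=60_000, hitcount=25):
        self.window_ms = window_ms
        self.hitcount = hitcount
        self._hits = defaultdict(deque)  # ip -> timestamps (ms) of recent hits

    def check(self, ip, now_ms):
        hits = self._hits[ip]
        # `--set` runs for every NEW packet, so dropped attempts are counted too
        # and keep refreshing the window while the flood continues
        hits.append(now_ms)
        # `--seconds 60`: only hits inside the trailing window count
        while hits and now_ms - hits[0] > self.window_ms:
            hits.popleft()
        # `--hitcount 25 -j DROP`: the 25th hit inside the window is dropped
        return len(hits) < self.hitcount, 0


class LeakyBucketLimiter:
    """nginx limit_req model, using integer milli-requests like the module does."""

    def __init__(self, rate_rps=1, burst=5):
        self.rate = rate_rps * 1000  # milli-requests per second
        self.burst = burst * 1000    # tolerated excess, in milli-requests
        self._state = {}             # ip -> (last_ms, excess)

    def check(self, ip, now_ms):
        if ip not in self._state:
            self._state[ip] = (now_ms, 0)  # a key's first request is served at once
            return True, 0
        last_ms, excess = self._state[ip]
        elapsed_ms = max(0, now_ms - last_ms)
        # drain the bucket at `rate`, then account for this request
        excess = max(0, excess - elapsed_ms * self.rate // 1000 + 1000)
        if excess > self.burst:
            return False, 0  # rejected (limit_req_status); state is left unchanged
        self._state[ip] = (now_ms, excess)
        # without `nodelay`, queued excess is paced out at `rate`
        return True, excess * 1000 // self.rate


def build_trace():
    """Constructed traffic: a browsing user and a flood, ordered by time (ms)."""
    trace = [(2000 * i, "198.51.100.7") for i in range(10)]  # one request every 2 s
    trace += [(100 * i, "203.0.113.9") for i in range(40)]   # 10 requests/s for 4 s
    return sorted(trace)


def simulate(limiter, trace):
    """Return {ip: {"allowed": n, "denied": n, "delayed": n}} for one limiter."""
    stats = defaultdict(lambda: {"allowed": 0, "denied": 0, "delayed": 0})
    for now_ms, ip in trace:
        allowed, delay_ms = limiter.check(ip, now_ms)
        stats[ip]["allowed" if allowed else "denied"] += 1
        if allowed and delay_ms:
            stats[ip]["delayed"] += 1
    return dict(stats)


def compare():
    """Run both policies over the same trace and return their per-IP verdict counts."""
    trace = build_trace()
    return {
        "iptables_recent": simulate(RecentWindowLimiter(), trace),
        "nginx_limit_req": simulate(LeakyBucketLimiter(), trace),
    }


if __name__ == "__main__":
    for name, per_ip in compare().items():
        print(name)
        for ip, s in per_ip.items():
            print(f"  {ip:>14}  allowed={s['allowed']:3}  denied={s['denied']:3}  delayed={s['delayed']:3}")
```

Running it shows the browsing client untouched by both policies, while the flood gets 24 connections through the hit-count window before every further attempt is dropped, and only 9 requests through the leaky bucket (the first 6 immediately or queued, then one per second at the configured rate). The hit-count rule is coarser but cheaper; the leaky bucket smooths bursts and keeps serving a trickle, which is why `limit_req_status 429` matters for telling clients to back off.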
Cloudflare

If you are using Cloudflare, you can configure rate limiting through the Cloudflare Dashboard:
- Log in to the Cloudflare Dashboard
- Navigate to the specific site
- Go to Firewall -> Tools -> Rate Limiting
- Create a new rule, specifying the URL pattern, request limit, time period, and action (e.g., Block, Challenge)
AWS WAF (Web Application Firewall)

You can create rate-based rules in AWS WAF to define protection against attacks:
- Log in to the AWS Management Console
- Go to WAF & Shield
- Create or select a web ACL
- Add a rate-based rule
- Set the rate limit (e.g., 2000 requests per 5 minutes)
- Associate the rule with your resources (e.g., CloudFront distribution, API Gateway)
Setting rate limits is crucial to prevent unnecessary resource usage and to protect your website or service from various forms of attack. Adjust the limit values to match actual usage and the traffic volume expected from normal users, so that legitimate users are not affected.
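One way to pick a value that fits actual usage, rather than guessing, is to measure how many requests real clients make per window before the limit goes live. The following is an added example, not code from the article or from any of the products above: it parses access-log lines in the nginx/Apache "combined" format, counts requests per client IP per fixed 60-second window, and proposes a limit with headroom above the observed distribution. The log lines are constructed here; `suggest_limit` would normally be fed lines read from a real access log.

```python
"""Derive a starting per-IP rate-limit threshold from observed traffic.

Added example (not from the article). Counts requests per client IP per fixed
window from "combined"-format access-log lines and proposes a limit placed
above what real users do, with room to spare.
"""
import math
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# combined log format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, epoch_seconds, status), or None for a line that is not a log entry."""
    m = LOG_RE.match(line)
    if not m:
        return None
    epoch = int(datetime.strptime(m["ts"], TS_FORMAT).timestamp())
    return m["ip"], epoch, int(m["status"])


def requests_per_window(lines, window_s=60):
    """Count requests per (ip, window_start) over fixed windows of `window_s` seconds."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # tolerate junk lines instead of aborting the whole analysis
        ip, epoch, _ = parsed
        counts[(ip, epoch - epoch % window_s)] += 1
    return counts


def percentile(values, pct):
    """Nearest-rank percentile of a non-empty sequence (no interpolation)."""
    ordered = sorted(values)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]


def suggest_limit(lines, window_s=60, pct=95, headroom=2.0):
    """Propose a per-IP limit per window: `headroom` x the pct-th percentile of observed client rates."""
    counts = requests_per_window(lines, window_s)
    per_client_window = list(counts.values())
    baseline = percentile(per_client_window, pct)
    limit = math.ceil(baseline * headroom)
    return {
        "clients": len({ip for ip, _ in counts}),
        "percentile": baseline,
        "max": max(per_client_window),
        "suggested_limit": limit,
        # clients that would have been limited had this value been in force
        "over_limit": sorted({ip for (ip, _), n in counts.items() if n > limit}),
    }


def make_sample_log():
    """Constructed sample: 20 browsing users at 3-14 req/min and one client at 90 req/min."""
    base = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    clients = {f"198.51.100.{i + 1}": n for i, n in enumerate(
        [3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 13, 14])}
    clients["203.0.113.9"] = 90
    lines = []
    for ip, n in clients.items():
        for j in range(n):
            ts = (base + timedelta(seconds=j * 60 // n)).strftime(TS_FORMAT)
            lines.append(f'{ip} - - [{ts}] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"')
    lines.append("garbage line that is not in combined format")  # exercises the skip path
    return lines


if __name__ == "__main__":
    report = suggest_limit(make_sample_log())
    print(f"{report['clients']} clients; p95 = {report['percentile']} req/min; max = {report['max']} req/min")
    print(f"suggested limit: {report['suggested_limit']} req/min per IP; would limit: {report['over_limit']}")
```

On the constructed sample the 95th percentile of per-client traffic is 14 requests per minute, so a limit of 28 leaves every browsing user untouched while still catching the 90-request client. Re-run the analysis on a week of real logs, including peak hours, before committing to a value, and revisit it when the application changes, since a new page that fires many requests can quietly push normal users over an old threshold.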