API rate limiting on AWS load balancer using WAF

FightPandemics / FightPandemics

This is not the first and last pandemic. Currently, the information about the pandemic is highly fragmented, especially at the local level. Whereas one can find global information and trackers, it is difficult to find information that is relevant to your community. Furthermore, it is difficult for organizations, funders, companies, volunteers and local leaders to coordinate responses. This puts humanity and local communities at risk. FightPandemics was born to make communities more resilient to pandemics by facilitating access to information and coordinated responses.

MIT License

110 stars 141 forks source link

API rate limiting on AWS load balancer using WAF #1211

Open mannykary opened 4 years ago

mannykary commented 4 years ago

In #997 rate limiting is implemented using NGINX. It would be more robust to also rate limit in AWS on the load balancer itself using WAF: https://aws.amazon.com/blogs/aws/protect-web-sites-services-using-rate-based-rules-for-aws-waf/

This is not critical for soft launch. We will do #997 for soft launch, and take care of this after soft launch.

mannykary commented 3 years ago

Add a rate limit of 2500 over a 5 minute period in the review environment. Will test to see if it works.