Open FuhuXia opened 8 months ago
aws documentation on listing ip addresses that are being rate-limited
Good finding. I was also thinking to pipe the rate limit log to new relic where we can set an alert. Piping log to newrelic give us more info, allowing us to exam user's request info such as uri and browser agent, so we can tell the blocking is good or a mistake.
User Story
In order to be aware of catalog web traffic status, data.gov teams wants to be notified when AWS WAF rate limiting rule is triggerd and blocks ip addresses.
Acceptance Criteria
[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]
Background
[Any helpful contextual notes or links to artifacts/evidence, if needed]
Security Considerations (required)
None
Sketch
[Notes or a checklist reflecting our understanding of the selected approach]