aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0
843 stars, 361 forks

Automatically Remove IP Addresses from BadBot list after 4 hours #147

Closed cgol closed 1 year ago

cgol commented 4 years ago

Is your feature request related to a problem? Please describe.
Bad Bot IPSet created by the Honeypot should be automatically cleared out after some elapsed time, e.g. 4 hours.

Sometimes the bad-bot honeypot will be triggered accidentally (or deliberately) from an IP that might be shared by a number of end users, for example a user trying to access /admin, which is defined in CloudFront to trigger the honeypot API. The block as it currently stands will last forever and will also deny any legitimate users from the offending IP address. As far as I can see from the code, there is no automated cleanup or removal of IP addresses in the bad-bot IP list.

Describe the feature you'd like
IPs added to the bad-bot deny list should be automatically removed after a set time period, e.g. 4 hours.

Additional context
This could be achieved fairly simply by the honeypot lambda invoking a Step Function with a 4 hour delay that invokes a lambda function to remove the offending IP.
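As an added illustration of the delayed-removal design proposed above (example code, not part of the aws-waf-security-automations project and not the requester's own code), the block below sketches the two pieces: a Step Functions definition that waits four hours and then invokes a removal Lambda, and the removal logic itself. It assumes a WAFv2 IP set addressed by name, scope and id, a Step Functions input of `{"ip": ..., "added_at": ...}` (both assumptions, not from the page), and it uses a constructed `FakeWafClient` in place of `boto3.client("wafv2")` so it runs offline. The removal only touches the single address the execution was started for, and only once its block is older than the TTL, so entries an operator added by hand are never cleared by the automation; the WAFv2 `LockToken` is passed through so a concurrent edit fails loudly instead of being overwritten.

```python
"""Time-limited removal of a honeypot-sourced IP from a WAF IP set.

Added example, not the project's code. Assumptions (not from the issue):
  * the bad-bot list is a WAFv2 IPSet identified by Name/Scope/Id;
  * the honeypot Lambda starts one Step Functions execution per hit with
    input {"ip": "<cidr>", "added_at": "<ISO-8601 UTC timestamp>"};
  * `remove_ip_handler` is the Lambda invoked after the Wait state.
`FakeWafClient` is a constructed stand-in for boto3's wafv2 client.
"""
from datetime import datetime, timedelta, timezone

BLOCK_TTL = timedelta(hours=4)  # the 4-hour window proposed in the issue


def utc(iso_timestamp):
    """Parse an ISO-8601 timestamp that carries an explicit UTC offset."""
    return datetime.fromisoformat(iso_timestamp)


def build_state_machine(remove_fn_arn):
    """Amazon States Language: wait BLOCK_TTL, then invoke the removal Lambda.
    `remove_fn_arn` is a placeholder the caller supplies."""
    return {
        "Comment": "Expire one honeypot-sourced IP after BLOCK_TTL",
        "StartAt": "WaitForExpiry",
        "States": {
            "WaitForExpiry": {
                "Type": "Wait",
                "Seconds": int(BLOCK_TTL.total_seconds()),
                "Next": "RemoveIp",
            },
            "RemoveIp": {"Type": "Task", "Resource": remove_fn_arn, "End": True},
        },
    }


def addresses_after_expiry(addresses, target, added_at, now, ttl=BLOCK_TTL):
    """Pure decision step: return the address list that should be in place.
    `target` is dropped only if present and blocked for at least `ttl`;
    every other entry (including operator-added ones) is left as is."""
    if target not in addresses or now - added_at < ttl:
        return list(addresses)
    return [a for a in addresses if a != target]


def remove_ip_handler(event, waf, ip_set, now=None):
    """Lambda-style handler. `waf` must expose get_ip_set/update_ip_set with
    the WAFv2 signatures; `ip_set` is {"Name", "Scope", "Id"}."""
    target = event["ip"]
    added_at = utc(event["added_at"])
    now = now or datetime.now(timezone.utc)
    current = waf.get_ip_set(**ip_set)
    addresses = current["IPSet"]["Addresses"]
    updated = addresses_after_expiry(addresses, target, added_at, now)
    if updated == addresses:
        return {"removed": False, "addresses": updated}
    # LockToken is WAFv2's optimistic lock: a stale token rejects the write
    # rather than silently clobbering a change made in between.
    waf.update_ip_set(Addresses=updated, LockToken=current["LockToken"], **ip_set)
    return {"removed": True, "addresses": updated}


class FakeWafClient:
    """Constructed offline stand-in for boto3.client('wafv2'); mimics the
    get_ip_set/update_ip_set shapes and the lock-token check."""

    def __init__(self, addresses):
        self.addresses = list(addresses)
        self.updates = 0
        self.lock_token = "token-0"

    def get_ip_set(self, Name, Scope, Id):
        return {"IPSet": {"Name": Name, "Id": Id, "Addresses": list(self.addresses)},
                "LockToken": self.lock_token}

    def update_ip_set(self, Name, Scope, Id, Addresses, LockToken):
        if LockToken != self.lock_token:
            raise RuntimeError("WAFOptimisticLockException (constructed)")
        self.addresses = list(Addresses)
        self.updates += 1
        self.lock_token = f"token-{self.updates}"
        return {"NextLockToken": self.lock_token}


if __name__ == "__main__":
    # Constructed sample: two blocked CIDRs, one of them added by the honeypot.
    ip_set = {"Name": "BadBotIPSet", "Scope": "REGIONAL", "Id": "placeholder-id"}
    waf = FakeWafClient(["203.0.113.7/32", "198.51.100.9/32"])
    event = {"ip": "203.0.113.7/32", "added_at": "2024-01-01T00:00:00+00:00"}
    print(remove_ip_handler(event, waf, ip_set, now=utc("2024-01-01T01:00:00+00:00")))
    print(remove_ip_handler(event, waf, ip_set, now=utc("2024-01-01T04:00:00+00:00")))
```

Running the module shows the first call leaving the set untouched (one hour into a four-hour block) and the second removing only the honeypot-sourced address; a third call for the same IP is a no-op, so a retried execution cannot remove anything else.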

aijunpeng commented 4 years ago

Thanks for your contribution. We have added your request to our solution backlog items and it will be considered in future solution releases.

Arunkumar198028 commented 2 years ago

@cgol Can you please help with the steps to achieve this?

rakshb commented 1 year ago

Thanks for your request. After carefully evaluating the request, we decided that automatically removing blocked IPs could be a risky proposition. We want customers to evaluate and manually remove any IPs as needed.