Open chladic opened 1 year ago
Hello,
This can happen if you have multiple elements in your waf_config
or maybe during the initial creation of the sets at startup if you have more than 10k decisions (although i've never ran into this limit).
https://github.com/crowdsecurity/cs-aws-waf-bouncer/pull/15 should help reduce the amount of calls made to the UpdateIPSet
API when sharing the same RuleGroup for multiple WebACLs.
We'll be looking into implementing rate limiting when calling AWS APIs to make sure we don't go over the quotas.
Hi @blotus. I have only one web_acl in my config
waf_config:
- web_acl_name: web-waf
fallback_action: captcha
rule_group_name: crowdsec-rule
scope: REGIONAL
region: ...
ipset_prefix: crowdsec-ipset
capacity: 50
Regarding decisions I have only 50-100 (+ community blacklist where is like 26k IP addresses).
I use workaround what you suggested where in web-waf2 Im using crowdsec RuleGroup created in web-waf (manually added). This can cause that bouncer is using more API calls ?
Hello crowdsec team,
few times a day I get error:
AWS support told me there is hard limit to do 1 API call per second. Is it possible this is creating more calls per second ?
Thanks a lot