Aws-Waf-Header-Analyzer – The Purpose Of The Project Is To Create Rate Limit In AWS WaF Based On HTTP Headers


The purpose of the project is to create rate limit in AWS WaF based on HTTP headers.

Golang is a dependencie to build the binary. See the documentation to install:

sudo make install

The rules configuration is very simple, for example, the threshold is the limited of the requests in X time. It’s possible to monitoring multiples headers, but, the header needs to be in HTTP Request header log.

x-api-id: # The header name in HTTP Request header
threshold: 100

threshold: 1000

It’s possible send notifications to Slack and Telegram. To configure slack notifications, you needs create a webhook configuration, see the slack documentation:

Telegram bot father:


bot-token: "123456789:NNDa2tbpq97izQx_invU6cox6uarhrlZDfa"
chat-id: "-4128833322"

To set up AWS credentials, it’s advisable to export them as environment variables. Here’s a recommended approach:

export AWS_ACCESS_KEY_ID=".."
export AWS_REGION="us-east-1"

retrive-logs-minutes-ago is the time range you want to fetch the logs, in this example, logs from 1 hour ago.

waf-log-group-name: aws-waf-logs-cloudwatch-cloudfront
region: us-east-1
retrive-logs-minutes-ago: 60

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.