RateBasedStatement class

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. You can use this to put a temporary block on requests from an IP address that is sending excessive requests.

When the rule action triggers, AWS WAF blocks additional requests from the IP address until the request rate falls below the limit.

You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it only counts requests that match the nested statement. For example, based on recent requests that you have seen from an attacker, you might create a rate-based rule with a nested AND rule statement that contains the following nested statements:

  • An IP match statement with an IP set that specified the address 192.0.2.44.
  • A string match statement that searches in the User-Agent header for the string BadBot.
In this rate-based rule, you also define a rate limit. For this example, the rate limit is 1,000. Requests that meet both of the conditions in the statements are counted. If the count exceeds 1,000 requests per five minutes, the rule action triggers. Requests that do not meet both conditions are not counted towards the rate limit and are not affected by this rule.

You cannot nest a RateBasedStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.

Constructors

RateBasedStatement({required RateBasedStatementAggregateKeyType aggregateKeyType, required int limit, ForwardedIPConfig? forwardedIPConfig, Statement? scopeDownStatement})
RateBasedStatement.fromJson(Map<String, dynamic> json)
factory

Properties

aggregateKeyType RateBasedStatementAggregateKeyType
Setting that indicates how to aggregate the request counts. The options are the following:
final
forwardedIPConfig ForwardedIPConfig?
The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name. This is required if AggregateKeyType is set to FORWARDED_IP.
final
hashCode int
The hash code for this object.
no setterinherited
limit int
The limit on requests per 5-minute period for a single originating IP address. If the statement includes a ScopeDownStatement, this limit is applied only to the requests that match the statement.
final
runtimeType Type
A representation of the runtime type of the object.
no setterinherited
scopeDownStatement Statement?
An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement.
final

Methods

noSuchMethod(Invocation invocation) → dynamic
Invoked when a nonexistent method or property is accessed.
inherited
toJson() Map<String, dynamic>
toString() String
A string representation of this object.
inherited

Operators

operator ==(Object other) bool
The equality operator.
inherited