Summary
A company was experiencing heavy traffic on the Web Application Firewall (AWS WAF). The company was trying to filter out 10% of the traffic, but the traffic was still heavy. The company had just started a due diligence process for a security certification.
A DDoS attack on CloudFront's app was stopped in less than 15 minutes. The company was hit with 60 million requests in 10-15 minutes. It was followed by 300 million requests within 3 minutes. CloudFront was able to stop the attack by setting up a geo rule.
The DDoS attack began on Friday morning and continued until Monday morning. It was not acceptable to have requests passing our API Gateway, even hitting our backend and flooding our DB. We blocked all the known IPs originating in the Dark Web, we blocked anonymous cloud provider IPs, and heck, we even blocked a few random ones.
There's nothing you can do to prevent a DDoS. It doesn't matter if you're big or small, or whether you have a SaaS or a simple blog; it is just a matter of time until it could happen to you. Make sure you're using a cloud provider that has a Web Application Firewall, and learn how to set it up and how to use it. Use an API Gateway: it helps you shield your services better than you can imagine, and it is several orders of magnitude cheaper than a WAF and still really effective. Do enable Load Balancer access logs.
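As an added example (not code from the original post), this shows one use of Load Balancer access logs during a flood: counting requests per client IP per minute to find candidates for a WAF block or rate rule. It assumes the AWS Application Load Balancer access log layout; the sample lines, the threshold and the function names are constructed for illustration.

```python
import shlex
from collections import Counter, defaultdict

def _line(ts, ip, status=200):
    """Build one constructed log line (truncated after the ssl_protocol field)."""
    return (f'https {ts} app/demo/abc {ip}:41000 10.0.0.5:80 0.001 0.002 0.000 '
            f'{status} {status} 120 300 '
            f'"GET https://api.example.com:443/v1/items HTTP/1.1" '
            f'"curl/8.0" TLS_AES_128_GCM_SHA256 TLSv1.3')

# Constructed sample, not real traffic: one busy client, one quiet client,
# and one damaged line such as a partially written log object might contain.
SAMPLE = (
    [_line(f"2024-01-05T09:00:{s:02d}.000000Z", "203.0.113.7") for s in range(5)]
    + [_line("2024-01-05T09:00:30.000000Z", "198.51.100.9"),
       _line("2024-01-05T09:01:02.000000Z", "203.0.113.7", 503),
       'truncated "unterminated quote']
)

def parse(line):
    """Return (minute, client_ip), or None when the line cannot be parsed."""
    try:
        fields = shlex.split(line)  # keeps the quoted request and user agent whole
    except ValueError:              # unbalanced quotes in a damaged line
        return None
    if len(fields) < 13:            # too short to hold time, client and request
        return None
    minute = fields[1][:16]                    # e.g. 2024-01-05T09:00
    client_ip = fields[3].rsplit(":", 1)[0]    # drop the source port
    return minute, client_ip

def noisy_clients(lines, threshold):
    """Map minute -> [(ip, count)] for clients with count >= threshold."""
    counts = Counter(rec for rec in map(parse, lines) if rec is not None)
    flagged = defaultdict(list)
    for (minute, ip), n in sorted(counts.items()):
        if n >= threshold:
            flagged[minute].append((ip, n))
    return dict(flagged)

if __name__ == "__main__":
    for minute, clients in noisy_clients(SAMPLE, threshold=5).items():
        print(minute, clients)
```
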