Setting up rate limiting

Rate limiting is one of the recommendations you may receive when configuring security protections.

CloudFront always enables rate limiting in monitor mode. When monitor mode is enabled, CloudFront captures metrics that tell you if the rate you configured in the Rate limiting field has been exceeded, how often, and by how much.

After you save the distribution, CloudFront starts to collect data based on the number in the Rate limiting field.

You can manage the rate limiting settings in the Security - Web Application Firewall (WAF) section on the Security tab of any CloudFront distribution.

To set up rate limiting

Open the CloudFront console at https://console.aws.amazon.com/cloudfront/v4/home.
In the navigation pane, choose Distributions, and then choose the distribution that you want to change.
Choose the Security tab.
In the Web Application Firewall (WAF) section, next to Rate limiting, choose Monitor mode message to display a dialog with details about the collected data. You can optionally change the rate limit. When you have fine-tuned the rate, you can choose Enable blocking (on the dialog) to deactivate monitor mode. CloudFront will start to block requests that exceed the specified rate limit.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Disabling AWS WAF security protections

Using CloudFront security dashboards