0) What mitigation can be applied to block attacks resulting from this bug while continuing to service legitimate requests?
Create a rule in AWS WAF rules with conditions that block requests based on the presence of ExampleGame/1.22 in the User-Agent header
Create a geographic restriction on the CloudFront distribution to prevent access to the application from most geographic regions
Create a rate-based rule in AWS WAF to limit the total number of requests that the web application services.
Create an IP-based blacklist in AWS WAF to block the IP addresses from which requests containing ExampleGame/1.22 in the User-Agent header originate.
Explanations:
Creating a rule in AWS WAF to block requests based on the presence of ExampleGame/1.22 in the User-Agent header is an effective way to block malicious traffic while allowing legitimate requests to pass through. This directly targets the identified exploit (the User-Agent string), making it a precise and focused mitigation strategy.
Geographic restrictions on CloudFront would block access from entire regions, which is too broad a measure. It could result in denying legitimate users from certain regions, which is not the most targeted approach to mitigating the attack.
A rate-based rule in AWS WAF would limit the total number of requests, but it may not be effective against a volumetric attack where the attacker sends a large number of requests in a short time from a wide range of IP addresses. Rate limiting may also affect legitimate users, particularly in regions or times with high traffic, making it less optimal for this scenario.
Blocking IP addresses based on the User-Agent header is not an effective strategy because the attack could originate from many different IP addresses, and blocking them would not prevent new IP addresses from being used in the attack. Additionally, legitimate users may also be affected if they share the same IP range as attackers.
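The first explanation describes the mitigation in words; the following rule definition is an added example of what that AWS WAF (wafv2) rule looks like in JSON. It is not part of the original question and the rule name and metric name are assumptions; the User-Agent value ExampleGame/1.22 is the one named in the question. The rule uses a ByteMatchStatement on the user-agent header (WAF expects single-header names in lowercase) with a CONTAINS constraint, so only requests carrying that exact string are blocked and all other traffic continues to be served.

```json
{
  "Name": "BlockExampleGameUserAgent",
  "Priority": 0,
  "Action": { "Block": {} },
  "Statement": {
    "ByteMatchStatement": {
      "SearchString": "ExampleGame/1.22",
      "FieldToMatch": { "SingleHeader": { "Name": "user-agent" } },
      "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ],
      "PositionalConstraint": "CONTAINS"
    }
  },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "BlockExampleGameUserAgent"
  }
}
```

Add this rule to the web ACL associated with the CloudFront distribution (for example with `aws wafv2 update-web-acl --scope CLOUDFRONT`). Because SampledRequestsEnabled and CloudWatchMetricsEnabled are on, blocked requests can be confirmed in the WAF sampled-request view and the CloudWatch metric before and after deployment, which is the check that verifies the rule is matching only the abusive traffic.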