Which solution meets these requirements?
Create an AWS WAF rate-based rule, and attach it to the ALB.
Update the security group that is attached to the ALB to block the attacking IP addresses.
Update the ALB subnet’s network ACL to block the attacking client IP addresses.
Create an AWS WAF rate-based rule, and attach it to the security group of the EC2 instances.
Explanations:
Creating an AWS WAF rate-based rule lets you automatically block source IP addresses that exceed a specified request rate, which mitigates the impact of the DoS attack. This solution requires minimal ongoing effort because AWS WAF tracks the rate per source IP itself and keeps up with the changing attacker IP addresses without manual updates.
Updating the security group to block the attacking IP addresses would require continuous manual updates as the addresses change regularly, making it less efficient and more labor-intensive.
Modifying the network ACL to block the attacking IP addresses also involves manual updates, similar to security groups, and may introduce complexity as it applies to entire subnets rather than specific traffic patterns.
Attaching a rate-based rule to the security group of the EC2 instances does not provide the same protection as attaching it to the ALB. Security groups are stateful allow lists evaluated per connection; they cannot process rules that track request rates, so this option is ineffective for blocking DoS traffic efficiently.
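To show what the correct option looks like in practice, here is an added CloudFormation example (not part of the original question or AWS documentation) that creates a regional web ACL with one rate-based rule and associates it with an existing ALB. The ALB ARN is passed in as a parameter placeholder, and the 2,000 requests per 5-minute window threshold is an assumed value to tune for the application.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Rate-based AWS WAF rule attached to an existing ALB (added example)

Parameters:
  AlbArn:
    Type: String
    Description: ARN of the existing Application Load Balancer (placeholder, supplied at deploy time)

Resources:
  RateLimitWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: alb-rate-limit
      Scope: REGIONAL            # ALBs are regional resources; CLOUDFRONT scope is only for distributions
      DefaultAction:
        Allow: {}                # normal traffic passes; only the rule below blocks
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: alb-rate-limit
      Rules:
        - Name: block-high-rate-source-ips
          Priority: 0
          Statement:
            RateBasedStatement:
              Limit: 2000        # assumed threshold: requests per 5-minute window, counted per source IP
              AggregateKeyType: IP
          Action:
            Block: {}            # WAF blocks the IP while it exceeds the limit and releases it automatically
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: block-high-rate-source-ips

  # Attaching the web ACL to the ALB is what makes the rule take effect; security groups and
  # network ACLs have no equivalent, which is why the other options need manual IP updates.
  AlbWebAclAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref AlbArn
      WebACLArn: !GetAtt RateLimitWebAcl.Arn
```

Before switching the rule to `Block`, deploying it first with `Count: {}` as the action and watching the CloudWatch metric is a common way to confirm the threshold does not catch legitimate clients.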