A SysOps Administrator observes a large number of rogue HTTP requests on an Application Load Balancer (ALB). The requests originate from various IP addresses. Which action should be taken to block this traffic?
A.
Use Amazon CloudFront to cache the traffic and block access to the web servers
B.
Use Amazon GuardDuty to protect the web servers from bots and scrapers
C.
Use AWS Lambda to analyze the web server logs, detect bot traffic, and block the IP address in the security groups
D.
Use AWS WAF rate-based blacklisting to block this traffic when it exceeds a defined threshold
In this scenario, rate-based blacklisting is an effective approach to block the rogue HTTP requests. Rate-based blacklisting allows you to set a threshold for the number of requests from an IP address within a specified time frame. When the threshold is exceeded, AWS WAF can automatically block the IP address, preventing further malicious or excessive requests from reaching the web servers behind the ALB.
Because Amazon GuardDuty does not protect the application layer.
GuardDuty uses AI and inspect logs and protects AWS Accounts, workloads and data stored in S3.
D is the correct answer.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
nicat
Highly Voted 2 years, 7 months agoalbert_kuo
Most Recent 9 months, 3 weeks agoalexsandroe
2 years, 6 months agoRicardoD
2 years, 6 months agoabhishek_m_86
2 years, 6 months agojackdryan
2 years, 6 months agoMFDOOM
2 years, 7 months agoshammous
2 years, 7 months agoAWS1212
2 years, 7 months ago