Introducing a new console experience for Amazon WAF
You can now use the updated experience to access Amazon WAF functionality anywhere in the console. For more details, see Working with the updated console experience.
Rate limit the requests that are missing a specific header
To limit the number of requests that are missing a specific header, you can use the
Count all aggregation option with a scope-down statement. Configure the
scope-down statement with a logical NOT
statement containing a statement that returns
true only if the header exists and has a value.
The following JSON listing shows an example of this rule configuration.
{ "Name": "test-rbr", "Priority": 0, "Action": { "Block": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "test-rbr" }, "Statement": { "RateBasedStatement": { "Limit": 1000, "AggregateKeyType": "CONSTANT", "EvaluationWindowSec": 300, "ScopeDownStatement": { "NotStatement": { "Statement": { "SizeConstraintStatement": { "FieldToMatch": { "SingleHeader": { "Name": "user-agent" } }, "ComparisonOperator": "GT", "Size": 0, "TextTransformations": [ { "Type": "NONE", "Priority": 0 } ] } } } } } } }