Our website is currently facing a massive influx of requests from millions of IPv4 addresses. These requests occur intermittently; they ask for a page, execute JavaScript (as indicated by events recorded in Google Analytics), and then disappear only to return after a while with different URLs. While our site can manage this increased traffic (which is over 20 times our usual volume), the excessive data is distorting our traffic metrics. I suspect the cause is a botnet since the WAF Challenge does not seem to deter them (probably because they're running JavaScript on real devices). My main question is how effective AWS Shield Advanced would be in detecting these requests, and are there alternative solutions besides implementing CAPTCHA for all users?
5 Answers
Have you checked the countries of origin for these IPs? If they're primarily from regions where you don't do business, setting up geo-blocking rules in WAF could help.
This might sound off, but sometimes your own code can end up acting like a DDoS. Even big players like Cloudflare have tripped themselves up with this. It's worth checking!
I double-checked our code, and I'm pretty sure it’s not the issue. Appreciate the heads up!
AWS Shield doesn't inherently protect against application layer attacks like this one, especially since the traffic appears human-like with low volume from each IP. The advanced features in Shield Advanced involve AI capabilities that could block this type of traffic, but they come at a high cost.
Got it. So if Shield isn't an option, are there other ways to tackle this issue effectively?
AWS Shield Advanced will first need to establish a baseline of your normal traffic to effectively help you. Although it's pricey, you gain access to a dedicated support team during emergencies. Meanwhile, others are finding success with the cheaper WAF DDoS protection rules that AWS has introduced.
Thanks for the tip! I might give those new DDoS rules a shot.
While Shield Advanced can be pricey, it also locks you into long-term commitments. Have you thought about using Cloudflare? Many users are protecting their AWS resources with it before diving into expensive options.
Yeah, the cost of Shield Advanced is a bit much for us. We were considering a trial, but a one-year commitment at $3k/month is risky. Cloudflare seems more appealing, but transitioning away from CloudFront sounds tough.

The requests are coming from all over—US, Brazil, India, and more, which aligns with compromised devices. I did try geo-blocking, but it didn’t work until I switched to CAPTCHA.
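
An added example (not from any poster in this thread) of the check suggested in the first answer: compare per-country request counts in a baseline window and a surge window to estimate how much of the excess a geo-block could remove, and look at the highest per-address request count. The records, the US-only home market and all function names are assumptions made for the illustration.

```python
from collections import Counter

# Constructed records: (client_ip, country, uri). Addresses come from the
# RFC 5737 documentation ranges; real input would be parsed from access logs.
BASELINE = [(f"192.0.2.{i}", "US", "/pricing") for i in range(10)]
# Constructed surge: 30 new addresses, one request each, a different URL each,
# spread over US, BR and IN as the thread describes.
BOTS = [(f"198.51.100.{i}", ("US", "BR", "IN")[i % 3], f"/item/{i}")
        for i in range(30)]
SURGE = BASELINE + BOTS
HOME = {"US"}  # assumption: the site only does business in the US


def per_country(records):
    """Count requests per country."""
    return Counter(country for _ip, country, _uri in records)


def excess_by_country(baseline, surge):
    """Requests above the baseline count, per country (never negative)."""
    b, s = per_country(baseline), per_country(surge)
    return {c: max(s[c] - b[c], 0) for c in s}


def geo_block_coverage(baseline, surge, home_countries):
    """Fraction of the excess that blocking all non-home countries removes."""
    excess = excess_by_country(baseline, surge)
    total = sum(excess.values())
    if total == 0:
        return 0.0
    blocked = sum(n for c, n in excess.items() if c not in home_countries)
    return blocked / total


def max_requests_per_ip(records):
    """Highest request count seen from any single address in the window."""
    return max(Counter(ip for ip, _c, _u in records).values(), default=0)


if __name__ == "__main__":
    print("excess by country:", excess_by_country(BASELINE, SURGE))
    print("geo-block coverage:", round(geo_block_coverage(BASELINE, SURGE, HOME), 2))
    print("max requests per IP:", max_requests_per_ip(SURGE))
```

With this constructed data the geo-block removes two thirds of the excess, and no address sends more than one request, so a per-IP rate rule would match nothing.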