Forum Discussion

Nimbostratus

Jul 26, 2024

F5 Rules for AWS WAF - Bot Protection Rules

Bot Protection Rulesを使って、　特定のURLに30秒間で20回アクセスがあった場合に、それ以降のアクセスを拒否するというルールを作成すること可能でしょうか？ Using Bot Protection Rules, Deny further access if a specific URL is accessed 20 times in 30 second...

F5 Rules for AWS WAF

dahan

Employee

Mar 13, 2025

Hi Motoki,

You can achieve the desired behavior outside of F5 managed rules by adding a new rule to the AWS Web ACL.

While AWS may change the configuration process in the future, currently, go to Web ACLs, select the Rules tab, and click "Add my own rules and rule groups". Then, use Rule Builder to create a Rate-based rule as needed.

Hope that helps!

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

F5 Rules for AWS WAF - Bot Protection Rules

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

block a specific user

which virtual server will be hit?

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

APM - Portal access - Issue

F5 bot defense - false positives

Related Content

F5 Distributed Cloud Origin Server Subset Rules

LTM Cipher rule

F5 Rules for AWS WAF - Rule ID to Attack Type Reference

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

Cipher Rules And Groups in BIG-IP v13

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS