Use case
Strengthening Security with AWS WAF and Nginx Rate Limiting
- Dhruv Bardolia
About the Customer
CyvexTech is a forward-thinking security company dedicated to enhancing the security of cloud-native environments. They focus on building robust security systems to safeguard web applications and Kubernetes infrastructures from evolving threats.
Customer Challenge
CyvexTech encountered several security issues related to the rate of requests and the size of payloads reaching their internal and external services. These included potential API overloads from excessive requests, email flooding through the password recovery path, and DDoS attacks that used large payloads to overwhelm their MySQL servers. CyvexTech needed a comprehensive solution that mitigated these risks without degrading application performance.
Solution
IAMOPS implemented a comprehensive solution using AWS WAF (Web Application Firewall) and the Nginx Ingress controller to mitigate these threats. Key features of the solution included:
- Rate Limits on Internal Services: Applied through the Nginx Ingress controller within the Kubernetes cluster, ensuring custom responses for blocked traffic.
- Rate Limits on External Services: Configured through AWS WAF and CloudFront to limit external requests to 200 per minute, with clear feedback for blocked requests.
- Path-Based Rate Limits: Implemented via AWS WAF rules to prevent email flooding through excessive password recovery requests.
- Request Body Size Restriction: Applied using AWS WAF rules to stop large payloads from overwhelming the MySQL server and to protect against DDoS attacks.
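The three AWS WAF controls above (a 200-per-minute limit, a stricter limit scoped to the password recovery path, and a request body size cap) can be expressed in one web ACL. The following is an added illustration written for this page, not IAMOPS's or CyvexTech's actual configuration; the ACL name, the `/auth/password-reset` path, the 20-per-minute path threshold, the 8 KiB body cap and the metric names are assumptions. It is in the `--cli-input-yaml` shape accepted by `aws wafv2 create-web-acl`; a CLOUDFRONT-scoped ACL must be created in us-east-1.

```yaml
Name: example-web-acl                  # hypothetical name
Scope: CLOUDFRONT
DefaultAction: {Allow: {}}
CustomResponseBodies:
  rate-limited:                        # shared body for the "clear feedback" on blocked requests
    ContentType: APPLICATION_JSON
    Content: '{"error":"too many requests, retry later"}'
Rules:
  - Name: global-rate-limit            # 200 requests per minute per client IP
    Priority: 10
    Statement:
      RateBasedStatement:
        Limit: 200
        EvaluationWindowSec: 60        # count over a 1-minute window instead of the default 5
        AggregateKeyType: IP
    Action:
      Block:
        CustomResponse:
          ResponseCode: 429            # Too Many Requests, rather than an opaque 403
          CustomResponseBodyKey: rate-limited
    VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: globalRateLimit}
  - Name: password-reset-rate-limit    # stricter limit only on the recovery path (anti email flooding)
    Priority: 20
    Statement:
      RateBasedStatement:
        Limit: 20                      # hypothetical threshold
        EvaluationWindowSec: 60
        AggregateKeyType: IP
        ScopeDownStatement:            # only requests matching this are counted
          ByteMatchStatement:
            FieldToMatch: {UriPath: {}}
            PositionalConstraint: STARTS_WITH
            SearchString: /auth/password-reset    # hypothetical path
            TextTransformations: [{Priority: 0, Type: LOWERCASE}]
    Action:
      Block:
        CustomResponse: {ResponseCode: 429, CustomResponseBodyKey: rate-limited}
    VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: passwordResetRateLimit}
  - Name: reject-large-bodies          # bodies over 8 KiB (hypothetical cap) never reach the application
    Priority: 30
    Statement:
      SizeConstraintStatement:
        FieldToMatch: {Body: {OversizeHandling: MATCH}}   # bodies beyond WAF's inspection limit also count as too large
        ComparisonOperator: GT
        Size: 8192
        TextTransformations: [{Priority: 0, Type: NONE}]
    Action: {Block: {}}
    VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: rejectLargeBodies}
VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: exampleWebAcl}
```

Before switching the rule actions to Block, run them with `Count` and watch the sampled requests and CloudWatch metrics to confirm the thresholds do not catch legitimate traffic.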
The following diagram illustrates the implemented WAF and Nginx Ingress rules for rate limiting and security:
Results & Benefits
The security enhancements achieved significant results:
- Enhanced Security Posture: The solution mitigated various attack vectors, improving overall security.
- Operational Efficiency: Custom responses for blocked requests ensured better user experience while maintaining performance.
- Reduction in Malicious Traffic: 95% reduction in malicious requests targeting internal services.
- Controlled API Requests: Limited external API requests to 200 per minute, preventing potential overloads.
- Improved System Stability: DDoS attacks were mitigated by blocking oversized payloads, ensuring database and application stability.
About IAMOPS
IAMOPS is a full DevOps suite company that helps technology companies achieve production readiness.
Our mission is to ensure that our clients’ infrastructure and CI/CD pipelines are scalable, free of single points of failure, performant, highly available, and cost-efficient.
Our DevOps suite includes DevOps Core, NOC 24/7, FinOps, QA Automation, and DevSecOps to accelerate overall exponential growth.
As an AWS Advanced Tier Partner and Reseller, we focus on two key pillars: Professionalism by adhering to best practices and utilizing advanced technologies, and Customer Experience with responsiveness, availability, clear project management, and transparency to provide an exceptional experience for our clients.