🔥 3-day streak
AWS Certified Security - Specialty156 / 157
Question 156 of 157
A retail company runs a public product-catalog API behind an Application Load Balancer with AWS WAF attached. Security operations notices that a small set of source IPs is scraping the `/api/products` endpoint at very high request rates, degrading performance for legitimate users. Normal customers rarely exceed 100 requests per 5-minute window to that endpoint, while the scrapers generate thousands. The team wants to automatically throttle only the abusive clients targeting that specific path, without impacting other API paths or normal traffic. Which AWS WAF configuration best meets this requirement?
Reviewed for accuracy · Report an issueNext question