@FuhuXia FuhuXia commented Jun 10, 2025

This works together with AWS WAF rules and Advanced Shield. If a request is marked by AWS with the header http_x_amzn_waf_detection, we respond with a 429 code.


@FuhuXia FuhuXia requested review from a team and Copilot June 10, 2025 20:50

Copilot AI left a comment

Pull Request Overview

This PR adds a custom 429 error page and configures NGINX to return it for requests flagged as malicious by AWS WAF.

  • Introduce 429.html template for “Unusual Activity Detected” responses
  • Include nginx-malicious429.conf to detect http_x_amzn_waf_detection and return 429
  • Update nginx.conf to load the new malicious-traffic rules

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| proxy/public/429.html | New static error page for HTTP 429 responses |
| proxy/nginx.conf | Added include for nginx-malicious429.conf |
| proxy/nginx-malicious429.conf | New rules to block WAF-detected malicious requests (429) |

Comments suppressed due to low confidence (2)

proxy/public/429.html:6

  • Add a <meta charset="utf-8"> tag near the top of <head> to explicitly declare the page’s character encoding and avoid potential rendering issues.
<meta name="viewport" content="width=device-width, initial-scale=1.0">

proxy/nginx-malicious429.conf:1

  • There are no automated tests covering this new malicious-traffic rule. Consider adding an integration test to verify that requests with the http_x_amzn_waf_detection: malicious header receive a 429 response and render the custom error page.
# block malicious requests detected by AWS WAF


@jbrown-xentity jbrown-xentity left a comment

LGTM!

@FuhuXia FuhuXia merged commit 82b07ce into main Jun 17, 2025
13 checks passed
@FuhuXia FuhuXia deleted the block-malicious-429 branch June 17, 2025 13:52
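
The mechanism described in this pull request, sketched as an added example; this is not the content of proxy/nginx-malicious429.conf, which the conversation does not show. It assumes the WAF rule inserts the header with the value `malicious` (the value named in the review comment), and the document root and upstream address are hypothetical.

```nginx
# Added example for inclusion inside the http {} block.
# Not the project's own configuration.

# AWS WAF inserts the request header x-amzn-waf-detection; nginx exposes it
# as $http_x_amzn_waf_detection. Map it to a simple flag.
map $http_x_amzn_waf_detection $waf_flagged {
    default     0;
    "malicious" 1;   # assumed header value, taken from the review comment
}

server {
    listen 8080;

    # Serve the custom page for every 429 generated below.
    error_page 429 /429.html;

    location = /429.html {
        internal;                 # reachable only through error_page
        root /srv/proxy/public;   # hypothetical path holding 429.html
    }

    location / {
        # Keep the check in a location so the error_page redirect to
        # /429.html lands in the block above and is not matched by this
        # return again.
        if ($waf_flagged) {
            return 429;
        }
        proxy_pass http://127.0.0.1:8000;   # hypothetical upstream
    }
}
```

A request carrying `x-amzn-waf-detection: malicious` should receive status 429 with the custom page, and a request without the header should reach the upstream, which is the behavior the suggested integration test would assert. A client that sets the header itself only blocks its own request.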