AWS strongly recommends protecting against HTTP request floods by using rate-based rules in AWS WAF to automatically 'Block' or 'Challenge' requests matching a specific aggregation key (which is by default 'IP address'), when the number of requests received in a configurable sliding window exceeds a threshold that you define. Offending client IP addresses will receive an HTTP 403 forbidden response (or configured block error response code/body) and remain blocked until request rates drop below the threshold.
閾値を超えたら閾値よりリクエストが下がるまで全りくえすとがブロックされて403になる
