From b3a5c384eaf4f794ac77d2e8e82efe1cdf165376 Mon Sep 17 00:00:00 2001
From: "Michael B. Klein"
Date: Wed, 29 May 2024 17:59:53 +0000
Subject: [PATCH] Change WAF rules to rate limit all non-browser UAs
---
 firewall/security_firewall.tf | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/firewall/security_firewall.tf b/firewall/security_firewall.tf
index 5e816ec..230d8b1 100644
--- a/firewall/security_firewall.tf
+++ b/firewall/security_firewall.tf
@@ -267,7 +267,7 @@ resource "aws_wafv2_web_acl" "security_firewall" {
 statement {
 label_match_statement {
 scope = "LABEL"
- key = "awswaf:managed:aws:bot-control:bot:category:http_library"
+ key = "awswaf:managed:aws:bot-control:signal:non_browser_user_agent"
 }
 }
 }
@@ -299,13 +299,13 @@ resource "aws_wafv2_web_acl" "security_firewall" {
 statement {
 rate_based_statement {
 aggregate_key_type = "IP"
- limit = var.global_rate_limit
+ limit = var.global_rate_limit / 4
 scope_down_statement {
- label_match_statement {
- scope = "LABEL"
- key = "awswaf:managed:aws:bot-control:bot:category:http_library"
- }
+ label_match_statement {
+ scope = "LABEL"
+ key = "awswaf:managed:aws:bot-control:signal:non_browser_user_agent"
+ }
 }
 }
 }
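Review bot: The label matched at `key = "awswaf:managed:aws:bot-control:signal:non_browser_user_agent"` in the first hunk only exists if the Bot Control managed rule group is evaluated earlier in this web ACL and its rule for that signal does not terminate the request itself; neither is visible here, and the enclosing rule starts above the hunk. If the managed rule keeps a blocking action, this statement and the rate-based one in the second hunk would presumably never see a labelled request. I would add a comment above the statement such as `# depends on AWSManagedRulesBotControlRuleSet running at a lower priority with SignalNonBrowserUserAgent overridden to count`, so the ordering dependency survives later edits.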
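Review bot: `limit = var.global_rate_limit / 4` in the second hunk yields a fractional value whenever the variable is not a multiple of 4, and a small enough variable could fall below the minimum the rate-based statement accepts; `limit = floor(var.global_rate_limit / 4)` together with a `validation` block on the variable would make a bad value fail with a clear message. The divisor 4 is unexplained, so a named local or variable (for example `var.non_browser_rate_divisor`, a name constructed for this note) would document the intent. Because the scope-down label is derived from the client-supplied User-Agent header, this tighter limit only covers clients that identify themselves honestly. An unscoped rule on `var.global_rate_limit` should therefore remain as the real ceiling; whether one exists is outside this hunk.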