Tags: amazon-web-services, firewall, amazon-waf

AWS Layer 7 firewall to block http flood


Our application is hosted in AWS and I am looking for a firewall solution to avoid DDoS / HTTP request floods. In this regard, AWS offers 3 solutions:

  1. AWS Shield Advanced
  2. Rate limiting via WAF

But both of them work on the basis of request origination from an IP. The challenge here is, if there's an office connection where employees are accessing our website, all requests come via a single IP and the website becomes inaccessible for them. So what is the best solution to implement HTTP flood protection while still allowing connections in the above scenario?


Solution

  • Firstly, you get AWS Shield Basic when you use AWS WAF, so this will help to mitigate against DDoS attacks.

    Regarding implementing WAF with rate limiting: you apply rule sets in a specific order, and whichever one is evaluated first will actually receive the action.

    If you add more than one rule to a web ACL, AWS WAF evaluates each request against the rules in the order that you list them in the web ACL.

    This means that if you had a WAF rule to allow traffic from your on-premises IP address and set this as the first rule, it should never be blocked by the rate-limiting rule, as it will be evaluated before that rule.

    For more information, take a look at the How AWS WAF processes a web ACL page.
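To make the ordering argument in the answer above concrete, here is an added example (not code from the question or the answer): a Python function that builds the `Rules` list a WAFv2 `create_web_acl` / `update_web_acl` call takes, with an IP-set allow rule at priority 0 and a rate-based block rule at priority 1, plus a deliberately simplified model of the first-terminating-rule evaluation that AWS WAF performs, so you can see the office IP pass while a flooding IP is blocked, and what happens if the two rules are listed the other way round. The IP set ARN, the office range (203.0.113.0/24, a documentation prefix) and the per-IP request counts are all constructed placeholders; the real service tracks the 5-minute window itself and only starts blocking once an IP is over the limit.

```python
"""
Added example: WAFv2 web ACL rules with an office allow rule ahead of a
rate-based block rule, and a simplified simulation of evaluation order.
Not code from the original post.
"""
import ipaddress
from collections import Counter

# Assumed placeholder ARN; the real one comes from `aws wafv2 create-ip-set`.
OFFICE_IP_SET_ARN = ("arn:aws:wafv2:us-east-1:123456789012:regional/ipset/"
                     "office-egress/00000000-0000-0000-0000-000000000000")


def build_rules(office_ip_set_arn, limit=2000):
    """Return the Rules list for wafv2 create_web_acl / update_web_acl.

    Lower Priority values are evaluated first, so the Allow rule at priority 0
    terminates evaluation for office traffic before the rate-based rule at
    priority 1 is ever consulted.
    """
    def visibility(metric_name):
        return {"SampledRequestsEnabled": True,
                "CloudWatchMetricsEnabled": True,
                "MetricName": metric_name}

    return [
        {
            "Name": "allow-office-egress",
            "Priority": 0,
            "Statement": {"IPSetReferenceStatement": {"ARN": office_ip_set_arn}},
            "Action": {"Allow": {}},
            "VisibilityConfig": visibility("allowOfficeEgress"),
        },
        {
            "Name": "rate-limit-per-ip",
            "Priority": 1,
            # Requests per 5-minute window from one source IP before blocking.
            "Statement": {"RateBasedStatement": {"Limit": limit,
                                                 "AggregateKeyType": "IP"}},
            "Action": {"Block": {}},
            "VisibilityConfig": visibility("rateLimitPerIp"),
        },
    ]


def evaluate(rules, ip_sets, window_counts, client_ip, default_action="Allow"):
    """Simplified model of how a web ACL evaluates one request.

    rules:         list as returned by build_rules, walked in ascending Priority
    ip_sets:       {ip_set_arn: [cidr, ...]} standing in for real IP set contents
    window_counts: requests per source IP in the current window (a Counter here;
                   the real service keeps this state itself)
    Returns the action of the first rule that matches (Allow/Block terminate
    evaluation), otherwise the web ACL's default action.
    """
    addr = ipaddress.ip_address(client_ip)
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        stmt = rule["Statement"]
        if "IPSetReferenceStatement" in stmt:
            cidrs = ip_sets.get(stmt["IPSetReferenceStatement"]["ARN"], [])
            matched = any(addr in ipaddress.ip_network(c) for c in cidrs)
        elif "RateBasedStatement" in stmt:
            matched = window_counts[client_ip] > stmt["RateBasedStatement"]["Limit"]
        else:
            matched = False
        if matched:
            return next(iter(rule["Action"]))  # the single key: "Allow" or "Block"
    return default_action


def simulate(order="office-first"):
    """Run a constructed traffic window through both rule orderings."""
    rules = build_rules(OFFICE_IP_SET_ARN)
    if order == "rate-limit-first":
        # Swap priorities to show the failure mode the question describes.
        rules[0]["Priority"], rules[1]["Priority"] = 1, 0
    ip_sets = {OFFICE_IP_SET_ARN: ["203.0.113.0/24"]}  # constructed office range
    # Constructed 5-minute window: the office NAT and an attacker both exceed
    # the 2000-request limit; an ordinary visitor sends a handful of requests.
    window = Counter({"203.0.113.10": 5000, "198.51.100.7": 5000, "192.0.2.44": 12})
    return {ip: evaluate(rules, ip_sets, window, ip) for ip in window}


if __name__ == "__main__":
    for order in ("office-first", "rate-limit-first"):
        print(order, simulate(order))
```

With the allow rule first, the office NAT address is allowed despite its 5000 requests, the attacker is blocked, and the ordinary visitor falls through to the default action; with the priorities swapped, the office address is blocked just like the attacker. One caveat worth keeping in mind: an Allow action terminates evaluation, so any managed rule groups (SQLi, XSS and so on) placed after the office allow rule are also skipped for office traffic. If you want those checks to still apply, use a scope-down statement on the rate-based rule that excludes the office IP set instead of a blanket allow at the top.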