AEM Security Vulnerability (Bypassing CDN and Dispatcher) | Adobe Higher Education
February 6, 2022

AEM Security Vulnerability (Bypassing CDN and Dispatcher)

  • 0 replies
  • 832 views

Hello All,

We have pretty strong dispatcher and CDN blockers restricting only required URLs. What we noticed is that once we identify a valid content path for a site, it's pretty much easy to bypass the CDN and dispatcher, eventually increasing the CPU utilization. If it's a planned dynamic IP flood of HTTP requests with valid URLs, all such requests will reach AEM (given an example scenario):

Home Page - /content/site/country/language/home.html

Vulnerable URL - /content/site/country/language/home123.html (any number of such URLs can be formed and triggered from simple hacking tools)

Has anyone come across such a use case? I feel it's pretty much a key vulnerability.

The recommendation from the Core Engg team was to limit requests coming through the CDN to a specific amount and increase AEM infra.

Please share your thoughts.

Thanks

Abdul

This topic has been closed for replies.
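Because the flood described in the post rotates client IPs, a per-IP counter sees little, so one detection approach is to key on the content directory and count distinct missing pages requested under it within a short window. The following is an added example, not part of the original post or of any Adobe tooling; the log format, function names, window and threshold are assumptions, and the log is assumed to be recorded at the origin (behind the CDN).

```python
from collections import defaultdict
from datetime import datetime, timedelta
import posixpath

# Constructed sample lines: "<ISO time> <client IP> <status> <path>".
# This is a simplified format, not the real Dispatcher or CDN log layout.
SAMPLE_LOG = """\
2022-02-06T10:00:01 198.51.100.7 200 /content/site/country/language/home.html
2022-02-06T10:00:02 203.0.113.10 404 /content/site/country/language/home123.html
2022-02-06T10:00:03 203.0.113.11 404 /content/site/country/language/home124.html
2022-02-06T10:00:04 203.0.113.12 404 /content/site/country/language/home125.html
2022-02-06T10:00:05 203.0.113.13 404 /content/site/country/language/home126.html
2022-02-06T10:00:30 198.51.100.9 404 /content/site/country/language/old-page.html
2022-02-06T10:07:00 198.51.100.7 404 /content/site/country/other/typo.html
"""

def parse(line):
    ts, ip, status, path = line.split()
    return datetime.fromisoformat(ts), ip, int(status), path

def find_miss_floods(log_text, window=timedelta(minutes=1), threshold=4):
    """Return {parent_dir: max distinct 404 paths seen within one window}
    for every parent directory that reaches the threshold."""
    misses = defaultdict(list)            # parent dir -> [(time, path), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _ip, status, path = parse(line)
        if status == 404:                 # origin-side log: request was not served from cache
            misses[posixpath.dirname(path)].append((ts, path))
    flagged = {}
    for parent, events in misses.items():
        events.sort()
        start, worst = 0, 0
        for end in range(len(events)):
            # Advance the left edge until the span is no longer than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({p for _, p in events[start:end + 1]})
            worst = max(worst, distinct)
        if worst >= threshold:
            flagged[parent] = worst
    return flagged

if __name__ == "__main__":
    for parent, count in find_miss_floods(SAMPLE_LOG).items():
        print(f"{parent}: {count} distinct missing pages within one minute")
```

A flagged directory is a candidate for a CDN-level rate limit or short-lived caching of 404 responses for that path prefix, in line with the recommendation quoted in the post.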