Limiting servlet calls so they cannot be summoned by Curl programs like postman

Question

Greetings,Recently we have had some issues with bad actors flooding our systems with calls in registration and rememberPass pages, the call we make for this processes to an external api goes through our java using servlets, and we were wondering, how can we stop flooding requests to our servlets through botting or other malicious means.Filtering through domain does not seem very good since you can just fake that in the call. Using cors does not seem ideal aswell since you can tamper with that header. Maybe the cors header in dispatcher, some kind of check through the ResourceResolver?We will appreciate any recommendation on how to deal with this issue Best Regards,Daniel

joerghoh · Accepted Answer

And in case of AEM CS you can also use the Traffic Rules to ratelimit and/or block such requests. Check the documentation on Traffic Rules at https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/security/traffic-filter-rules-including-waf

Lokesh_Vajrala · Answer

Hi @danielma63

I believe adding the reCAPTCHA to the form would eliminate the spam and bot activity. You can also look at other alternatives - You can refer the documentation - https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/edge-delivery/build-forms/universal-editor/recaptcha-forms

Thanks,

Lokesh

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded