we have pretty strong dispatcher and CDN blockers restricting only required URL's. What we noticed that once we identify a valid content path for a site, its pretty much easy to by pass CDN and dispatcher eventually increasing the CPU Utilization. If its a planned dynamic IP flood of HTTP requests with valid URL, all such requests will reach AEM (Given an example scenario)
Home Page - /content/site/country/language/home.html
Vulnerable URL - /content/site/country/language/home123.html (any number of such URL's can be formed and triggered from simple hacking tools)
Has anyone come across such use case, as I feel its pretty much a key vulnerability.
Recommendation from Core Engg team was to limit requests coming through CDN to a specific amount and increase AEM infra.
Please share in your thoughts..