SOLVED

Limiting servlet calls so they cannot be summoned by curl programs like Postman


Level 2

Greetings,

Recently we have had some issues with bad actors flooding our systems with calls to the registration and rememberPass pages. The call we make for these processes to an external API goes through our Java servlets, and we were wondering how we can stop flooding requests to our servlets through botting or other malicious means.

Filtering by domain does not seem very good, since you can just fake that in the call.

Using CORS does not seem ideal either, since you can tamper with that header.

Maybe the CORS header in the dispatcher, or some kind of check through the ResourceResolver?

We would appreciate any recommendation on how to deal with this issue.

 

Best Regards,

Daniel

1 Accepted Solution


Correct answer by
Employee Advisor

And in the case of AEM CS, you can also use Traffic Rules to rate-limit and/or block such requests. Check the documentation on Traffic Rules at https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/security/traffic...

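A concrete rule of the kind the accepted answer describes, added here as an illustration; it is not from the thread, from Adobe's documentation, or from the asker's project. It is a traffic filter for the AEM as a Cloud Service dispatcher configuration (config/cdn.yaml in the dispatcher project) that rate-limits POSTs to the registration and password-reminder servlets per client IP. The servlet paths (/bin/register, /bin/rememberPass), the environment types and the numbers are assumptions; the field names follow the Traffic Rules schema as I know it, so check them against the documentation linked above before deploying.

```yaml
# Added example (not from the thread or Adobe's docs): config/cdn.yaml in the
# AEM as a Cloud Service dispatcher project. Paths, env types and numbers are
# assumed; field names follow the Traffic Rules schema and should be verified
# against the linked documentation.
kind: "CDN"
version: "1"
metadata:
  envTypes: ["dev", "stage", "prod"]
data:
  trafficFilters:
    rules:
      # Rate-limit POSTs to the two abused servlets per client IP.
      # More than 10 requests in any 10-second window from one IP blocks that
      # IP for 300 seconds. Blocked requests are answered at the CDN, so the
      # servlet (and its outbound call to the external API) never runs.
      - name: "ratelimit-registration-and-rememberpass"
        when:
          allOf:
            - reqProperty: tier
              equals: "publish"
            - reqProperty: method
              equals: "POST"
            - reqProperty: path
              matches: "^/bin/(register|rememberPass)"
        rateLimit:
          limit: 10
          window: 10
          penalty: 300
          groupBy:
            - reqProperty: clientIp
        action: block
```

Two points worth noting. First, the rule keys on clientIp, which the CDN takes from the TCP connection, not from a request header; that is what makes it stronger than the domain, Origin or CORS checks considered in the question, all of which a curl or Postman script sets freely. Second, deploy it with `action: log` first and read the CDN logs for a day or two to confirm the threshold does not catch real users (for example many sign-ups from behind one corporate NAT) before switching to `block`. Rate limiting at the edge is complementary to the CAPTCHA suggested in the other reply: the CAPTCHA raises the cost of each bot submission, the traffic rule caps how many submissions one source can make regardless.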

3 Replies


Community Advisor

Hi @DanielMa63  

I believe adding reCAPTCHA to the form would eliminate the spam and bot activity. You can also look at other alternatives; you can refer to the documentation: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/edge-delivery/bu...

 

Thanks,

Lokesh


Community Advisor

Hi @DanielMa63 ,

Apart from CAPTCHA, WAF rules and ModSecurity enablement can help prevent flooding, DoS, DDoS, etc.
https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/security/traffic-f...

Thanks
