Greetings,
Recently we have had some issues with bad actors flooding our systems with calls in registration and rememberPass pages, the call we make for this processes to an external api goes through our java using servlets, and we were wondering, how can we stop flooding requests to our servlets through botting or other malicious means.
Filtering through domain does not seem very good since you can just fake that in the call.
Using cors does not seem ideal aswell since you can tamper with that header.
Maybe the cors header in dispatcher, some kind of check through the ResourceResolver?
We will appreciate any recommendation on how to deal with this issue
Best Regards,
Daniel
