Blocking DoS, DDoS and sophisticated attacks using traffic filter rules
- Applies to:
- Experience Manager as a Cloud Service
- Topics:
- Security
- Operations
CREATED FOR:
- Intermediate
- Admin
- Developer
Learn how to block Denial of Service (DoS), Distributed Denial of Service (DDoS) and sophisticated attacks using traffic filter rules in the AEM as a Cloud Service (AEMCS) managed CDN.
These attacks cause traffic spikes at the CDN and potentially at the AEM Publish service (aka origin) and can impact site responsiveness and availability.
This article provides an overview of the default protections for your AEM website, and how to extend those protections through customer configuration. It also describes how to analyze traffic patterns and configure standard traffic filter rules to block those attacks.
Default protections in AEM as a Cloud Service
Let’s understand the default DDoS protections for your AEM website:
- Caching: With good caching policies, the impact of a DDoS attack is more limited because the CDN prevents most requests from going to the origin and causing performance degradation.
- Autoscaling: The AEM author and publish services autoscale to handle traffic spikes, although they can still be impacted by sudden, massive increases in traffic.
- Blocking: The Adobe CDN blocks traffic to the origin if it exceeds an Adobe-defined rate from a particular IP address, per CDN PoP (Point of Presence).
- Alerting: The Actions Center sends a "traffic spike at origin" alert notification when traffic exceeds a certain rate. This alert fires when traffic to any given CDN PoP exceeds an Adobe-defined request rate per IP address. See Traffic Filter Rules Alerts for more details.
These built-in protections should be considered a baseline for an organization's ability to minimize the performance impact of a DDoS attack. Since each website has different performance characteristics and may see performance degradation before the Adobe-defined rate limit is met, it is recommended to extend the default protections through customer configuration.
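To judge whether a site needs a limit of its own, it helps to measure origin-bound request rates with the same grouping the default blocking uses: per client IP, per PoP. The following Python script is an added example, not Adobe code; the log field names (`timestamp`, `cli_ip`, `pop`, `cache`), the cache values, the 1 req/s limit and the sample data are assumptions constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime

def constructed_sample():
    """Constructed log lines; field names and cache values are assumptions."""
    def row(sec, ip, pop, cache):
        return json.dumps({"timestamp": f"2024-05-01T10:00:{sec:02d}Z",
                           "cli_ip": ip, "pop": pop, "cache": cache})
    rows = [row(i % 10, "203.0.113.7", "PAR", "MISS") for i in range(40)]  # burst at one PoP
    rows += [row(i, "203.0.113.7", "FRA", "MISS") for i in range(5)]       # same IP, other PoP
    rows += [row(i, "198.51.100.20", "PAR", "HIT" if i % 3 else "MISS")    # ordinary visitor
             for i in range(6)]
    return rows

def peak_origin_rates(lines, window_s=10):
    """Peak requests/second reaching origin, keyed by (client IP, PoP)."""
    buckets = Counter()
    for line in lines:
        if not line.strip():
            continue
        entry = json.loads(line)
        if entry["cache"] == "HIT":  # answered from CDN cache, origin not touched
            continue
        ts = datetime.fromisoformat(entry["timestamp"].replace("Z", "+00:00"))
        window = int(ts.timestamp()) // window_s  # fixed, non-overlapping windows
        buckets[(entry["cli_ip"], entry["pop"], window)] += 1
    peaks = {}
    for (ip, pop, _window), count in buckets.items():
        peaks[(ip, pop)] = max(peaks.get((ip, pop), 0.0), count / window_s)
    return peaks

def over_limit(peaks, limit_rps):
    """Client/PoP pairs whose peak origin rate exceeds a site-specific limit."""
    return sorted(key for key, rate in peaks.items() if rate > limit_rps)

if __name__ == "__main__":
    peaks = peak_origin_rates(constructed_sample())
    for (ip, pop), rate in sorted(peaks.items()):
        print(f"{ip:15} {pop} peak {rate:.1f} req/s to origin")
    print("over 1 req/s:", over_limit(peaks, 1.0))
```

Because the count is kept per PoP, the same client appears once for each PoP it reaches, and cache hits are excluded since they never load the origin.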
Extending protection with traffic filter rules
Let’s look at some additional, recommended measures that customers can take to protect their websites from DDoS attacks:
- Implement Adobe-recommended standard traffic filter rules to identify potentially malicious traffic patterns by logging and alerting on suspicious behavior.
- Use the WAF-DDoS Protection or Enhanced Security add-on and implement Adobe-recommended WAF Traffic Filter Rules to defend against sophisticated attacks, including those using advanced protocol or payload-based techniques.
- Increase cache coverage by configuring request transformations to ignore unnecessary query parameters.
Get Started
Explore the following tutorials to configure Adobe-recommended rules to block attacks.
How to set up traffic filter rules including WAF rules
Learn how to create, deploy, test, and analyze the results of traffic filter rules, including WAF rules.
Protecting AEM websites using standard traffic filter rules
Learn how to protect AEM websites from DoS, DDoS and bot abuse using Adobe-recommended standard traffic filter rules in AEM as a Cloud Service.
Protecting AEM websites using WAF traffic filter rules
Learn how to protect AEM websites from sophisticated threats including DoS, DDoS, and bot abuse using Adobe-recommended Web Application Firewall (WAF) traffic filter rules in AEM as a Cloud Service.