DocumentationAEMAEM TutorialsAEM as a Cloud Service Tutorials

Blocking DoS, DDoS and sophisticated attacks using traffic filter rules

Last update: Wed Jul 16 2025 00:00:00 GMT+0000 (Coordinated Universal Time)
  • Applies to:
  • Experience Manager as a Cloud Service
  • Topics:
  • Security
  • Operations

CREATED FOR:

  • Intermediate
  • Admin
  • Developer

Learn how to block Denial of Service (DoS), Distributed Denial of Service (DDoS) and sophisticated attacks using traffic filter rules in the AEM as a Cloud Service (AEMCS) managed CDN.

These attacks cause traffic spikes at the CDN and potentially at the AEM Publish service (aka origin) and can impact site responsiveness and availability.

This article provides an overview of the default protections for your AEM website, and how to extend those protections through customer configuration. It also describes how to analyze traffic patterns and configure standard traffic filter rules to block those attacks.

Default protections in AEM as a Cloud Service

Let’s understand the default DDoS protections for your AEM website:

  • Caching: With good caching policies, the impact of a DDoS attack is more limited because the CDN prevents most requests from going to the origin and causing performance degradation.
  • Autoscaling: The AEM author and publish services autoscale to handle traffic spikes, although they can still be impacted by sudden, massive increases in traffic.
  • Blocking: The Adobe CDN blocks traffic to the origin if it exceeds an Adobe-defined rate from a particular IP address, per CDN PoP (Point of Presence).
  • Alerting: The Actions Center sends a traffic spike at origin alert notification when traffic exceeds a certain rate. This alert fires off when traffic to any given CDN PoP exceeds an Adobe-defined request rate per IP address. See Traffic Filter Rules Alerts for more details.

These built-in protections should be considered a baseline for an organization’s ability to minimize the performance impact of a DDoS attack. Since each website has different performance characteristics and may see that the performance degradation before the Adobe-defined rate limit is met, it is recommended to extend the default protections through customer configuration.

Extending protection with traffic filter rules

Let’s look at some additional, recommended measures that customers can take to protect their websites from DDoS attacks:

  • Implement Adobe-recommended standard traffic filter rules to identify potentially malicious traffic patterns by logging and alerting on suspicious behavior.
  • Use the WAF-DDoS Protection or Enhanced Security add-on and implement Adobe-recommended WAF Traffic Filter Rules to defend against sophisticated attacks, including those using advanced protocol or payload-based techniques.
  • Increase cache coverage by configuring request transformations to ignore unnecessary query parameters.

Get Started

Explore the following tutorials to configure Adobe-recommneded rules to block attacks.

How to set up traffic filter rules including WAF rules

How to set up traffic filter rules including WAF rules

Learn how to set up to create, deploy, test, and analyze the results of traffic filter rules including WAF rules.

Start Now

Protecting AEM websites using standard traffic filter rules

Protecting AEM websites using standard traffic filter rules

Learn how to protect AEM websites from DoS, DDoS and bot abuse using Adobe-recommended standard traffic filter rules in AEM as a Cloud Service.

Apply Rules

Protecting AEM websites using WAF traffic filter rules

Protecting AEM websites using WAF traffic filter rules

Learn how to protect AEM websites from sophisticated threats including DoS, DDoS, and bot abuse using Adobe-recommended Web Application Firewall (WAF) traffic filter rules in AEM as a Cloud Service.

Activate WAF

recommendation-more-help
4859a77c-7971-4ac9-8f5c-4260823c6f69