DocumentationAEMAEM TutorialsAEM Foundation Tutorials

Understanding DoS/DDoS prevention in AEM

Last update: Sun Mar 23 2025 00:00:00 GMT+0000 (Coordinated Universal Time)
  • Applies to:
  • Experience Manager 6.5
  • Experience Manager as a Cloud Service

CREATED FOR:

  • Beginner
  • Admin
  • Developer

Learn about the options available to prevent and mitigate DoS and DDoS attacks on your AEM environment. Before diving into the prevention mechanisms, a brief overview of DoS and DDoS.

  • DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks are both malicious attempts to disrupt the normal functioning of a targeted server, service, or network, making it inaccessible to its intended users.
  • DoS attacks typically originate from a single source, while DDoS attacks come from multiple sources.
  • DDoS attacks are often larger in scale compared to DoS attacks due to the combined resources of multiple attacking devices.
  • These attacks are carried out by flooding the target with excessive traffic, and exploit vulnerabilities in network protocols.

The following table describes how to prevent and mitigate DoS and DDoS attacks:

Prevention Mechanism
Description
AEM as a Cloud Service
AEM 6.5 (AMS)
AEM 6.5 (On-prem)
Web Application Firewall (WAF)
A security solution designed to protect web applications from various types of attacks.
WAF-DDoS Protection license
AWS or Azure WAF via AMS contract.
Your preferred WAF
ModSecurity
ModSecurity (aka `mod_security` Apache module) is an open-source, cross-platform solution that provides protection from a range of attacks against web applications.
In AEM as a Cloud Service, this is only applicable to AEM Publish service as there is no Apache web server and AEM Dispatcher in front of AEM Author service.
Enable ModSecurity
Traffic filter rules
Traffic filter rules can be used to block or allow requests at the CDN layer.
Example traffic filter rules
AWS or Azure rule limiting features.
Your preferred solution

Post-incident analysis and continuous improvement

While there isn’t a one-size-fits-all standard flow for identifying and preventing DoS/DDoS attacks and it depends on your organization’s security process. The post-incident analysis and continuous improvement is a crucial step in the process. Here are some best practices to consider:

  • Identify the root cause of the DoS/DDoS attack by conducting a post-incident analysis, including reviewing logs, network traffic, and system configurations.
  • Improve prevention mechanisms based on the findings from the post-incident analysis.
recommendation-more-help
c92bdb17-1e49-4e76-bcdd-89e4f85f45e6