Proactive alert due to traffic spike at AEM origin
AEM as a Cloud Service (AEMaaCS) triggered a proactive alert due to a traffic spike at the origin, showing high connection counts and increased origin requests. To fix this, analyze logs to identify traffic sources, configure rules to block unwanted requests, apply rate-limiting, verify scheduled activities, and update settings to prevent future spikes.
Description
Environment
Adobe Experience Manager as a Cloud Service (AEMaaCS) – Sites, production environment.
Issue/Symptoms
AEMaaCS triggered a proactive alert due to a traffic spike at the origin. The alert showed high connection counts and increased origin requests, raising concerns about specific content or endpoints causing performance issues.
Resolution
Follow these steps to address traffic spikes at the origin:
- Analyze logs to identify IP addresses contributing to the spike. Check if the traffic pattern matches security scans or attacks across multiple paths.
- Configure rules to ignore marketing parameters in incoming requests. Block requests with uncommon file extensions like .php.
- Adjust existing rate-limiting rules or create new ones in logging mode to monitor fetch counts.
- Move new rate limiters from logging mode to blocking mode after confirming optimal values.
- Apply rules to detect and rate-limit IPs involved in attacks to slow down malicious activity without fully blocking access.
- Verify if internal security scans or tests ran during the spike period.
- Monitor traffic patterns regularly and update configurations to prevent future spikes.
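The log analysis in the first step can be sketched as follows. This is an added example, not Adobe's code: it ranks client IPs by requests that reached the origin and marks those whose pattern looks like a scan across multiple paths. It assumes JSON-lines CDN log entries with the fields `cli_ip`, `url`, `status` and `cache`; the sample lines, the `min_paths` threshold and the "at least half flagged" heuristic are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample of JSON-lines CDN log entries. The field names
# (cli_ip, url, status, cache) and cache values are assumptions for this example.
SAMPLE_LOG = """\
{"cli_ip": "198.51.100.7", "url": "/wp-login.php", "status": 404, "cache": "MISS"}
{"cli_ip": "198.51.100.7", "url": "/xmlrpc.php", "status": 404, "cache": "MISS"}
{"cli_ip": "198.51.100.7", "url": "/admin/config.php", "status": 404, "cache": "MISS"}
{"cli_ip": "198.51.100.7", "url": "/.env", "status": 404, "cache": "MISS"}
{"cli_ip": "203.0.113.20", "url": "/content/site/en.html?utm_source=a", "status": 200, "cache": "MISS"}
{"cli_ip": "203.0.113.20", "url": "/content/site/en.html?utm_source=b", "status": 200, "cache": "MISS"}
{"cli_ip": "203.0.113.20", "url": "/content/site/en.html?utm_source=c", "status": 200, "cache": "MISS"}
{"cli_ip": "192.0.2.15", "url": "/content/site/en.html", "status": 200, "cache": "HIT"}
{"cli_ip": "192.0.2.15", "url": "/content/site/en/products.html", "status": 200, "cache": "MISS"}
truncated line that is not JSON
"""

SUSPECT_EXT = (".php",)  # uncommon extension named on this page

def summarize_origin_traffic(log_text, min_paths=3):
    """Per-IP stats for requests that reached the origin, busiest IP first."""
    stats = defaultdict(lambda: {"origin": 0, "paths": set(), "flagged": 0})
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            ip = str(rec["cli_ip"])
            path = urlsplit(str(rec["url"])).path.lower()  # query string dropped
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed or incomplete entries
        if rec.get("cache") == "HIT":
            continue  # answered from CDN cache, never reached the origin
        status = rec.get("status")
        is_error = isinstance(status, int) and status >= 400
        s = stats[ip]
        s["origin"] += 1
        s["paths"].add(path)
        s["flagged"] += path.endswith(SUSPECT_EXT) or is_error
    report = [{
        "ip": ip,
        "origin_requests": s["origin"],
        "distinct_paths": len(s["paths"]),
        # Scan-like: several different paths, at least half suspect or failing.
        "scan_like": len(s["paths"]) >= min_paths and s["flagged"] * 2 >= s["origin"],
    } for ip, s in stats.items()]
    return sorted(report, key=lambda r: r["origin_requests"], reverse=True)
```

IPs marked `scan_like` are candidates for the rate-limiting steps above. A high origin count on a single path with varying query strings, as for 203.0.113.20 in the sample, points to the marketing-parameter rule instead.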
Related reading
- Request Transformations in AEM as a Cloud Service User Guide.
- Rate Limit Rules in AEM as a Cloud Service User Guide.