Hi,
We have encountered malicious load-based attacks (DDoS, HTTP Flood) in recent days, affecting an APEX application that includes public pages. As a result, thousands of new SESSION_IDs were generated in APEX.
How can such attacks be mitigated or prevented?
How can we ensure that APEX does not create a new SESSION\_ID unless authentication is successful?
Would it be advisable to place public pages in a separate application, isolating them from non-public pages?
What settings should be applied in Shared Components, specifically in Security Attributes and Authentication Schemes?
I look forward to all ideas.
Best regards:
Kalman Viktor