Two websites, https://www.havan.com.br and https://portalcliente.havan.com.br, are directly accessing images from an S3 bucket without any restrictions. This lack of access controls opens up the possibility of malicious actors exploiting the system by generating bots or scripts to spam requests. This could lead to heightened data transfer and increased costs associated with GET requests on AWS S3.
To address this issue, several measures can be taken:
Implement rate limiting to mitigate instances of spam, controlling the frequency of requests from a single source.
Utilize AWS CloudFront, a content delivery network service, to cache the images. This can help reduce the load on the S3 bucket and mitigate spam by serving cached content closer to the end users, thereby minimizing the number of requests directly hitting the S3 bucket.
By implementing these measures, the risk of spamming and associated increased costs can be mitigated, ensuring better security and cost-efficiency for the S3 bucket usage.
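As an added example (not part of the original issue), one way to see whether a single source is generating the GET volume described above is to scan S3 server access logs for bursts per client IP. This assumes server access logging is enabled on the bucket; the bucket name, IP addresses, request IDs and thresholds below are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Leading fields of an S3 server access log record:
# owner bucket [time] remote_ip requester request_id operation key "request-uri" status error bytes_sent ...
LOG_RE = re.compile(
    r'^\S+ (?P<bucket>\S+) \[(?P<time>[^\]]+)\] (?P<ip>\S+) \S+ \S+ '
    r'(?P<op>\S+) (?P<key>\S+) "[^"]*" (?P<status>\d{3}) \S+ (?P<bytes>\S+)'
)

def flag_heavy_sources(lines, max_gets=3, window=timedelta(seconds=10)):
    """Return {ip: (peak GETs within any window, total bytes sent)} for
    sources whose GET rate exceeds max_gets per window."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["op"] != "REST.GET.OBJECT":
            continue  # only object downloads drive GET and transfer cost
        ts = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
        nbytes = 0 if m["bytes"] == "-" else int(m["bytes"])
        events.append((ts, m["ip"], nbytes))
    events.sort()  # log delivery is best effort, so order by timestamp first

    recent = defaultdict(deque)   # per-IP timestamps inside the sliding window
    peak = defaultdict(int)
    sent = defaultdict(int)
    for ts, ip, nbytes in events:
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        sent[ip] += nbytes
    return {ip: (peak[ip], sent[ip]) for ip in peak if peak[ip] > max_gets}

def _rec(sec, ip, op="REST.GET.OBJECT", nbytes="51200"):
    # Constructed log line in the S3 server access log layout.
    return (f'OWNERID example-images [06/Feb/2024:00:00:{sec:02d} +0000] {ip} - '
            f'REQ{sec:02d} {op} img/banner.jpg "GET /img/banner.jpg HTTP/1.1" '
            f'200 - {nbytes} 51200 12 10 "-" "curl/8.0" -')

# Constructed sample: one source bursting, one browsing normally.
SAMPLE = ([_rec(s, "192.0.2.10") for s in range(6)]
          + [_rec(1, "198.51.100.7"), _rec(30, "198.51.100.7"),
             _rec(31, "198.51.100.7", op="REST.HEAD.OBJECT", nbytes="-")])

if __name__ == "__main__":
    for ip, (gets, nbytes) in flag_heavy_sources(SAMPLE).items():
        print(f"{ip}: peak {gets} GETs per window, {nbytes} bytes sent")
```

Sources flagged this way are candidates for the rate limit the issue proposes; once the images are served through CloudFront, the same counting would need to run on the distribution's logs instead.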