Hi team,
Our consumers are requesting us to log credentials when there’s a Spike Arrest trigger.
But our Spike Arrest policy is currently set to execute before the authentication policy, which we think is the right order, so that in the case of a DDoS attack we don’t overload the resources by checking authentication for every spam request. Is this the right assumption, or should having Advanced API Security and Cloud Armor WAF controls prevent this from happening automatically?
Or in other words, is it safe to keep the spike arrest policy after the authentication policy?