
/rest/default/V1/guest-carts/ open to DDOS

Re: /rest/default/V1/guest-carts/ open to DDOS

But the IP is not the server, the request comes from the user's browser, and clearly the attackers have figured out how to easily spoof the referrer etc.


It's insane to me that this is so easily exploited without an official patch / workaround. As usual it seems like Magento OS customers are just left to wither on the vine...

Re: /rest/default/V1/guest-carts/ open to DDOS

I ran into the same issue and noticed a huge spike in resource usage. Turns out someone was hammering the guest cart endpoint over and over, likely using a tool like an IP Booter. I fixed it by adding a rate limit on that specific endpoint in my web server config and also put in a WAF rule to catch similar patterns early. Made a big difference in keeping things stable.
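The per-endpoint rate limit described in the post above, written out as an added nginx example (this is not code from the thread or from Magento). It assumes the standard Magento 2 nginx layout where non-static requests fall through to `index.php`, that `limit_req_zone` is placed in the `http` context and the `location` inside the store's `server` block, and that any CDN or load balancer in front of nginx is listed in `set_real_ip_from` (placeholder range shown).

```nginx
# Rate limit for the Magento 2 guest-cart REST endpoint (added example).
# Keyed on the client IP, not the Referer header: the thread above notes
# that the Referer is trivially spoofed, whereas the source address of a
# browser-originated request is the address that actually has to be throttled.
#
# http context: one 10 MB zone holds roughly 160k client addresses.
# 5 requests/second is well above what a real shopper generates on this path.
limit_req_zone $binary_remote_addr zone=guest_cart:10m rate=5r/s;
limit_req_status 429;          # tell well-behaved clients to back off
limit_req_log_level warn;      # rejected bursts show up in error.log for the WAF/SIEM

server {
    # If a CDN or load balancer sits in front of nginx, restore the real
    # client IP first; otherwise every request shares the proxy's address
    # and the limit throttles all shoppers at once.
    set_real_ip_from 203.0.113.0/24;   # PLACEHOLDER: your proxy's address range
    real_ip_header   X-Forwarded-For;
    real_ip_recursive on;

    # Matches /rest/V1/guest-carts, /rest/default/V1/guest-carts/,
    # /rest/<store_code>/V1/guest-carts/<id>/items, etc.
    location ~ ^/rest/(?:[^/]+/)?V1/guest-carts {
        # burst=10 absorbs a short legitimate burst (page load + add-to-cart);
        # nodelay rejects anything beyond it immediately instead of queueing.
        limit_req zone=guest_cart burst=10 nodelay;

        # Hand the request to Magento's front controller exactly as the
        # generic "location /" block would.
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # ... existing Magento location blocks (static, index.php, etc.) ...
}
```

Verify the rule before relying on it: `nginx -t`, then issue more than 15 requests in one second against the endpoint from a test client and confirm the excess return 429 while a single add-to-cart flow still succeeds.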