My Team and I manage a Jira instance with several projects that can be viewed by anonymous users, and we found ourselves on the receiving end of what appears to be a DDoS attack, where anonymous users made several thousand HTTP requests to a project in 5 minutes.
These projects need to be publicly accessible, and it is possible this was just caused by many people clicking the same link at once, but we still need to find a way to prevent this as it also caused the entire Jira instance to go down, along with a linked Confluence instance.
Has anyone experienced a similar scenario, and how did you react to it while allowing anonymous access?