I am running a site that uses netlify functions, the site is a public facing marketing website. It has some forms that handle submitting leads and signing up for service with the company. These forms use lambda functions as their backend, and this has been working fine. We recently noticed a large amount of junk requests hitting one of these lambda function directly and have been trying to determine a way to restrict who can call this function. I did some digging into Identity, but that doesn’t look like it will help us because it’s designed to provide means for authenticating users, which is a concept that we don’t support on this site.
Basically, my question is: how do I restrict what can send requests to a lambda function such that someone can’t simply replay requests and potentially run a denial of service attack against my site?