Description

Enable connection throttling on PostgreSQL flexible servers.

Rationale

Enabling connection_throttling helps PostgreSQL limit concurrent connections that could lead to a Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.

Audit

From Azure Portal

Log in to Azure Portal using https://portal.azure.com.
Go to Azure Database for PostgreSQL flexible servers.
For each database, under Settings, click Server parameters.
In the filter bar, type connection_throttle.enable.
Ensure that VALUE for connection_throttle.enable is set to ON.

From Azure CLI

Ensure the following command returns a value of ON:

az postgres flexible-server parameter show \
    --resource-group {{resource-group-name}} \
    --server-name {{server-name}} \
    --name connection_throttle.enable

From PowerShell

Ensure the following command returns a Value of ON:

Get-AzPostgreSqlFlexibleServerConfiguration `
    -ResourceGroupName {{resource-group-name}} `
    -ServerName {{server-name}} `
    -Name connection_throttle.enable

From Azure Policy

If referencing a digital copy of this Benchmark, clicking a Policy ID will open a link to the associated Policy definition in Azure.

Policy ID: dacf07fa-0eea-4486-80bc-b93fae88ac40 - Name: Connection throttling should be enabled for PostgreSQL flexible servers

Default Value

By default, connection_throttle.enable is disabled (set to off).

Rationale​

Audit​

From Azure Portal​

From Azure CLI​

From PowerShell​

From Azure Policy​

Default Value​

References​