Description

Enable connection throttling on ё.

Rationale

Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.

Audit

From Azure Portal

Login to Azure Portal using https://portal.azure.com.
Go to Azure Database for PostgreSQL flexible servers.
For each database, under Settings, click Server parameters.
In the filter bar, type connection_throttle.enable.
Ensure that VALUE for connection_throttle.enable is set to ON.

From Azure CLI

Ensure the below command returns a value of ON:

az postgres flexible-server parameter show --resource-group <resourceGroup> --server-name <serverName> --name connection_throttle.enable

From PowerShell

Ensure the below command returns a Value of ON:

Get-AzPostgreSqlFlexibleServerConfiguration -ResourceGroupName <resourceGroup> -ServerName <serverName> -Name connection_throttle.enable

From Azure Policy

If referencing a digital copy of this Benchmark, clicking a Policy ID will open a link to the associated Policy definition in Azure.

Policy ID: dacf07fa-0eea-4486-80bc-b93fae88ac40 - Name: Connection throttling should be enabled for PostgreSQL flexible servers

Default Value

By default, connection_throttle.enable is disabled (set to off).

Rationale​

Audit​

From Azure Portal​

From Azure CLI​

From PowerShell​

From Azure Policy​

Default Value​

References​