PostgreSQL Database configuration ‘connection_throttling’ should be on

Description

Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages which in turn generates query and error logs with respect to concurrent connections, that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources.

Remediation Steps

Azure Portal

• Navigate to Azure Database for PostgreSQL servers.

• Select the PostgreSQL server.

• In the left navigation, select Server parameters.

• In connection_throttling, select ON.

• Click Save.

Azure CLI

• To enable connection_throttling:

az postgres server configuration set --resource-group <resourceGroupName> --server-name <serverName> --name connection_throttling --value on

Azure Resource Manager

• Ensure that a Microsoft.DBforPostgreSQL/servers/configurations resource contains the following:

{
  "name": "connection_throttling",
  "properties": {
    "value": "on"
  }
}

Example Configuration

{
  "type": "Microsoft.DBforPostgreSQL/servers/configurations",
  "apiVersion": "2017-12-01",
  "name": "connection_throttling",
  "properties": {
    "value": "on"
  }
  # other required fields here
}

Terraform

• Ensure that an azurerm_postgresql_configuration contains the following:

  • name = “connection_throttling”

  • value = “on”

Example Configuration

resource "azurerm_postgresql_configuration" "example" {
  name  = "connection_throttling"
  value = "on"

  # other required fields here
}

Documentation Links

Runtime

• Monitor and tune Azure Database for PostgreSQL - Single Server

• CLI: az postgres server configuration set

Azure Resource Manager

• Microsoft.DBforPostgreSQL/servers/configurations

Terraform

• Resource: azurerm_postgresql_configuration