Azure PostgreSQL database server with connection throttling parameter is disabled

Description

Enabling connection_throttling allows the PostgreSQL Database to set the verbosity of logged messages. It generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, repair configuration errors, and address sub-optimal performance issues.

We recommend you set connection_throttling to On for PostgreSQL Server Databases.

Fix - Runtime

Azure Portal

To change the policy using the Azure Portal, follow these steps:

1. Log in to the Azure Portal at https://portal.azure.com.
2. Navigate to Azure Database for PostgreSQL server.
3. For each database:
   a) Click Server parameters.
   b) Navigate to connection_throttling.
   c) Click On.
   d) Click Save.

CLI Command

To update the connection_throttling configuration, use the following command:

az postgres server configuration set 
--resource-group <resourceGroupName> 
--server-name <serverName> 
--name connection_throttling 
--value on

Fix - Buildtime

Terraform

• Resource: azurerm_postgresql_configuration
• Arguments: name + value

- resource "azurerm_postgresql_configuration" "example" {
-    name                = "connection_throttling"
-    resource_group_name = data.azurerm_resource_group.example.name
-    server_name         = azurerm_postgresql_server.example.name
-    value               = "off"
}