Verify that server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
Why this matters
This setting ensures the PostgreSQL server logs additional details about concurrent connection attempts. These logs are essential for identifying and investigating performance degradation or denial-of-service (DoS) conditions—whether triggered by malicious actors or unexpected spikes in legitimate usage.
Without this setting enabled, connection-related issues may go unlogged, leaving teams blind to resource exhaustion risks and unable to perform proper diagnostics.
What this check does
This Auto Check evaluates the configuration of the PostgreSQL server parameter connection_throttling
.
Check Logic:
Passes if:
connection_throttling
is explicitly set to on
.
Fails if:
connection_throttling
is unset, null, or set to off
.
Applies to:
- Azure PostgreSQL Single Server
- Azure PostgreSQL Flexible Server
The check is performed via Azure API/CLI and compares the current parameter value to the expected string on
.
How to fix it
You can enable connection throttling using the Azure Portal, CLI, or PowerShell.
Azure Portal:
- Navigate to Azure Database for PostgreSQL servers.
- Select your server and go to Server parameters.
- Search for
connection_throttling
. - Set the value to ON.
- Save the configuration.
Azure CLI:
az postgres server configuration set \ --resource-group <resourceGroupName> \ --server-name <serverName> \ --name connection_throttling \ --value on
PowerShell:
Update-AzPostgreSqlConfiguration ` -ResourceGroupName "<ResourceGroupName>" ` -ServerName "<ServerName>" ` -Name "connection_throttling" ` -Value "on"
Replace placeholder values with those relevant to your actual Azure setup.
Exceptions
There are no common exceptions for this check. Disabling connection throttling weakens system resiliency and should only be done with documented and justified reasoning approved by your security or operations team.