Verify that server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server

Framework Reference: A.A.8.20 Integration: Azure – PostgreSQL Server

Why this matters

This setting ensures the PostgreSQL server logs additional details about concurrent connection attempts. These logs are essential for identifying and investigating performance degradation or denial-of-service (DoS) conditions—whether triggered by malicious actors or unexpected spikes in legitimate usage.

Without this setting enabled, connection-related issues may go unlogged, leaving teams blind to resource exhaustion risks and unable to perform proper diagnostics.


What this check does

This Auto Check evaluates the configuration of the PostgreSQL server parameter connection_throttling.

Check Logic:
Passes if:

connection_throttling is explicitly set to on.

Fails if:

connection_throttling is unset, null, or set to off.

Applies to:

  • Azure PostgreSQL Single Server
  • Azure PostgreSQL Flexible Server

The check is performed via Azure API/CLI and compares the current parameter value to the expected string on.


How to fix it

You can enable connection throttling using the Azure Portal, CLI, or PowerShell.

Azure Portal:

  1. Navigate to Azure Database for PostgreSQL servers.
  2. Select your server and go to Server parameters.
  3. Search for connection_throttling.
  4. Set the value to ON.
  5. Save the configuration.

Azure CLI:

az postgres server configuration set \  --resource-group <resourceGroupName> \  --server-name <serverName> \  --name connection_throttling \  --value on

PowerShell:

Update-AzPostgreSqlConfiguration `  -ResourceGroupName "<ResourceGroupName>" `  -ServerName "<ServerName>" `  -Name "connection_throttling" `  -Value "on"

Replace placeholder values with those relevant to your actual Azure setup.


Exceptions

There are no common exceptions for this check. Disabling connection throttling weakens system resiliency and should only be done with documented and justified reasoning approved by your security or operations team.


Further resources

Was this article helpful?