Set a rate limit

Set a rate limit

Summary

The server must have a rate limit to control interaction frequency.

Description

Several attacks depend on executing a huge amount of requests from a single host. For instance, it is possible to exhaust a server's connection pool with a single essential by using asynchronous requests, effectively causing a Denial of Service (DoS). These and other attacks, such as the ones depending on brute force, can be thwarted, or severely hindered, by limiting the number of requests that a single host can send to the server in a short period of time. Therefore, server settings should include a rate limit that considers a regular request flow between a host and the server.

Supported In

This requirement is verified in following services

Plan Supported
Essential 🟢
Advanced 🟢

References

Vulnerabilities

Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.