More Info:
Ensure that “connection_throttling” server parameter is enabled for all PostgreSQL database servers provisioned within your Microsoft Azure cloud account. The “connection_throttling” parameter enables temporary connection throttling per IP address for too many invalid login failures.Risk Level
MediumAddress
SecurityCompliance Standards
CISAZURE, CBP, SOC2, NISTCSF, PCIDSSTriage and Remediation
Remediation
Using Console
Using Console
To enable “CONNECTION_THROTTLING” parameter for PostgreSQL Servers in Azure using Azure Console, please follow the below steps:Step 1: Login to the Azure Portal (https://portal.azure.com/).Step 2: Navigate to the Azure Database for PostgreSQL Server that you want to configure.Step 3: Click on the “Settings” option in the left-hand menu.Step 4: Under the “Settings” menu, click on the “Configuration” option.Step 5: In the “Configuration” menu, click on the “Add parameter” button.Step 6: In the “Add parameter” window, enter “CONNECTION_THROTTLING” in the “Parameter name” field.Step 7: In the “Value” field, enter the desired value for the parameter. For example, “1” to enable the parameter.Step 8: Click on the “OK” button to save the parameter.Step 9: Restart the PostgreSQL server for the changes to take effect.After following these steps, “CONNECTION_THROTTLING” parameter will be enabled for the PostgreSQL server in Azure.
Using CLI
Using CLI
To enable “CONNECTION_THROTTLING” parameter for PostgreSQL Servers on Azure using Azure CLI, follow these steps:
- Open the Azure CLI on your local machine or use the Azure Cloud Shell.
- Login to your Azure account using the command:
az login
. - Select the subscription in which your PostgreSQL server is present using the command:
az account set --subscription <subscription_id>
. - Get the resource ID of the PostgreSQL server by running the following command:
az postgres server show --resource-group <resource_group_name> --name <server_name> --query id --output tsv
. - Set the “CONNECTION_THROTTLING” parameter to “on” using the command:
az postgres server configuration set --resource-group <resource_group_name> --server-name <server_name> --name "connection_throttling" --value "on"
. - Verify that the parameter has been set to “on” by running the command:
az postgres server configuration show --resource-group <resource_group_name> --server-name <server_name> --name "connection_throttling"
.
<subscription_id>
, <resource_group_name>
, and <server_name>
with your actual values.Using Python
Using Python
To remediate the misconfiguration “Enable CONNECTION_THROTTLING Parameter for PostgreSQL Servers” in Azure using Python, you can follow the below steps:With these steps, you should be able to remediate the misconfiguration “Enable CONNECTION_THROTTLING Parameter for PostgreSQL Servers” in Azure using Python.
- Import the required modules:
- Authenticate to Azure using DefaultAzureCredential:
- Create a PostgreSQLManagementClient object:
- Get the current configuration of the PostgreSQL server:
- Check if the “CONNECTION_THROTTLING” parameter is already enabled:
- If the “CONNECTION_THROTTLING” parameter is not enabled, set it to “ON” and update the configuration:
- Verify that the parameter has been enabled by checking the updated configuration: