V-279088

Discussion

Limiting the request throttle memory is essential to prevent resource exhaustion and potential denial-of-service (DoS) attacks. Without a limit, an excessive number of large requests can overwhelm the server, consuming memory and other resources, leading to performance degradation or crashes. Any requests made above the throttle threshold are considered throttled and cumulatively their total request size cannot be above the throttle memory setting. Any throttled requests made while insufficient throttle memory remaining will be queued. Any requests larger than the throttle memory will be rejected. By setting a request throttle memory limit, the server can manage its resources more effectively, ensuring that it remains responsive and available to handle client requests efficiently.

Check Content

Verify Request Throttle Memory settings.

1. From the Admin Console Landing Screen, navigate to Server Settings >> Settings.

2. Interview the administrator to determine what the maximum post data size is required for the hosted applications.

If the "Request Throttle Memory" is not set to a 10 to 25 times multiple of the larger of "Request Throttle Threshold" or the maximum request size, this is a finding.