Limit concurrent requests in Azure App Service

2
votes

Given the following

  • ASP.NET Web API application
  • Target: .NET Framework 4.6.1
  • Hosted as Azure App Service

I wish to restrict the total number of concurrent HTTP requests to the application.

I have looked at https://github.com/stefanprodan/WebApiThrottle but that seems to be focused on different use cases.

I would like the equivalent of this setting in IIS: https://forums.asp.net/t/1683143.aspx?Max+concurrent+requests

1
azureasp.net-web-apiazure-web-app-service
Why would you want to limit the total number of concurrent HTTP requests? I would think they've thought their settings through...rickvdbosch
I understand this is an unusual question, but bear with me. This is to avoid attacking a backend service in counterproductive ways.Bernard Vander Beken

1 Answers

6
votes

This is to avoid attacking a backend service in counterproductive ways.

To avoid the attack, you could restrict the concurrent requests using Dynamic IP Restrictions. If the concurrent requests count is larger than the setting value, the IP address will be blocked.

<system.webServer>
  <security>
    <dynamicIpSecurity>
      <denyByConcurrentRequests enabled="true" maxConcurrentRequests="30"/>
      <denyByRequestRate enabled="true" maxRequests="30" requestIntervalInMilliseconds="2000"/>
    </dynamicIpSecurity>
  </security>
</system.webServer>

For more information, link below is for your reference.

Configuring Dynamic IP Address Restrictions in Windows Azure Web Sites