6

I am using ASP.NET with IIS7 and today a bug in one of my pages caused the server to go down. The script was using ajax to query a resource at a rate of ~1000 requests per second. The requests are authenticated, so I know what user requested what page.

My question is, either via IHttpModule or otherwise, how do I limit at the server-level, the max number of requests per second (or per minute) a client is allowed to make and then introduce a delay so that their requests are throttled?

Mohamed Nuur
  • 5,536
  • 6
  • 39
  • 55

2 Answers2

4

If anyone finds their way back here, you can throttle requests per user in IIS 8 and up. The setting is denyRequestByRate. The documentation is here.

bbsimonbb
  • 27,056
  • 15
  • 80
  • 110
-8

Open you IIS manager and select application pool signed to your asp.net application. Open advanced Settings for this pool and set Request Limit that shuold be greather than 0.

enter image description here

Gregor Primar
  • 6,759
  • 2
  • 33
  • 46
  • Is there anyway to set this limit on a per-host/per-user basis? – Mohamed Nuur Dec 12 '12 at 09:36
  • 1
    I don't think this is possible out of the box. But you can limit access(allow/deny) by using IP Adress and Domain Restrictions on Web Application level. This way you can ban specific trouble maker IP. – Gregor Primar Dec 12 '12 at 09:43
  • 1
    Just to make this clear, you can limit reqests on a per-host/per-user basis inside .net app but this will not put the heat from IIS off if this is causing the fail. – Gregor Primar Dec 12 '12 at 09:54
  • 6
    Setting Request Limit on Application Pool doesn't limit the number of requests in a given time interval - which is what OP asked. As it says in the description, the limit is the number of requests to process before the application pool is recycled. – PHeiberg Aug 02 '13 at 07:59