Menu
I am using ASP.NET with IIS7 and today a bug in one of my pages caused the server to go down. The script was using ajax to query a resource at a rate of ~1000 requests per second. The requests are authenticated, so I know what user requested what page.
My question is, either via IHttpModule or otherwise, how do I limit at the server-level, the max number of requests per second (or per minute) a client is allowed to make and then introduce a delay so that their requests are throttled?
589
By default IIS 8.5 can handle 5000 concurrent requests as per MaxConcurrentRequestsPerCPU settings in aspnet. config.
Protocol listeners receive protocol-specific requests, send them to IIS for processing, and then return responses to requestors. For example, when a client browser requests a Web page from the Internet, the HTTP listener, HTTP. sys, picks up the request and sends it to IIS for processing.
If the response is not cached, Inetinfo.exe or DLLHost.exe processes the request, evaluating the URL to determine if the request is for static content (HTML), or dynamic content (ASP, ASP.NET or ISAPI). The response is sent back to the client and the request is logged, if IIS is configured to do so.
If anyone finds their way back here, you can throttle requests per user in IIS 8 and up. The setting is denyRequestByRate. The documentation is here.
141
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
