Detect and throttle malicious or excessive requests to prevent downstream resource exhaustion and brute-force activity.
Enforce and Detect Rate Limiting
CCC.LB.CN01 · Networking
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP04 | Transaction Rate Limits | The service can throttle, delay, or reject excess requests when transactions exceed a user-specified rate limit, and always provides industry-standard throughput up to that limit. |
| CCC.LB.CP22 | Rate Limiting / Throttling | Ability to limit the number of requests per second per client. This ensures that no single client or user overloads the backend servers, distributing requests fairly across multiple instances. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.LB.TH01 | Unrestricted Request Traffic Overwhelms Downstream Services | Absence of filtering or rate limiting permits malicious traffic to overload downstream services and facilitates brute-force activity. |
| CCC.LB.TH09 | | |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.LB.CN01.AR01 | When a single client sends more than 2000 requests within any 5-minute sliding window, the load balancer MUST throttle all subsequent requests from that client for at least 60 seconds. | tlp-green, tlp-amber, tlp-red |
| CCC.LB.CN01.AR02 | When throttling is invoked, the load balancer MUST record the event in the access log within 5 minutes for alerting and trend analysis. | tlp-green, tlp-amber, tlp-red |
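The two assessment requirements above are precise enough to model directly, which is useful both for understanding what "any 5-minute sliding window" commits an implementation to and for building a test harness against a real load balancer. The Python below is an added worked example and is not code from the CCC catalog or from any vendor's load balancer. It keeps a per-client deque of request timestamps (a true sliding window, not fixed buckets), starts a throttle period the moment the 2001st request lands inside the window, rejects everything from that client until the period ends, and writes a throttle event to an in-memory stand-in for the access log. The JSON log fields, the client identifiers `203.0.113.7` and `198.51.100.9`, and the constructed traffic in `run_scenario` are assumptions; so is the interpretation that the triggering request itself is rejected and that requests dropped during the throttle period do not count toward the window.

```python
"""Model of CCC.LB.CN01 AR01/AR02: per-client sliding-window limit, minimum
throttle period, and the access-log record the detection side consumes.
Constructed example, not vendor or CCC code."""
from collections import defaultdict, deque
import json
from typing import Deque, Dict, List

WINDOW_SECONDS = 300.0    # AR01: any 5-minute sliding window
MAX_REQUESTS = 2000       # AR01: requests a client may send inside that window
THROTTLE_SECONDS = 60.0   # AR01: minimum throttle duration once exceeded


class SlidingWindowLimiter:
    def __init__(self, window: float = WINDOW_SECONDS, limit: int = MAX_REQUESTS,
                 throttle: float = THROTTLE_SECONDS) -> None:
        self.window, self.limit, self.throttle = window, limit, throttle
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)  # per-client timestamps
        self._throttled_until: Dict[str, float] = {}
        self.access_log: List[str] = []  # JSON lines; stands in for the LB access log

    def allow(self, client: str, now: float) -> bool:
        """Return True if the request is forwarded, False if it is throttled."""
        until = self._throttled_until.get(client)
        if until is not None and now < until:
            # Inside the throttle period: reject without touching the window, so a
            # client that keeps hammering while throttled does not inflate its own
            # window count (assumed interpretation of AR01).
            return False
        hits = self._hits[client]
        while hits and now - hits[0] >= self.window:  # evict timestamps outside the window
            hits.popleft()
        hits.append(now)
        if len(hits) <= self.limit:
            return True
        # More than `limit` requests in one sliding window: this is the first excess
        # request. Throttle it and everything after it for at least `throttle`
        # seconds (AR01) and record the event for alerting (AR02).
        self._throttled_until[client] = now + self.throttle
        self.access_log.append(json.dumps({
            "ts": now, "event": "throttle", "client": client,
            "window_requests": len(hits), "throttled_until": now + self.throttle,
        }))
        return False


def throttle_events(log_lines: List[str]) -> List[dict]:
    """Detection side of the control: extract throttle events from access-log
    lines for alerting and trend analysis (AR02). Assumed JSON-lines format."""
    events = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # ordinary, non-JSON access entries are ignored
        if rec.get("event") == "throttle":
            events.append(rec)
    return events


def run_scenario() -> dict:
    """Constructed traffic: 203.0.113.7 sends 2001 requests in 200 s, retries while
    throttled, and returns after the window has drained; 198.51.100.9 sends one
    request meanwhile and must be unaffected."""
    lim = SlidingWindowLimiter()
    noisy, quiet = "203.0.113.7", "198.51.100.9"
    allowed = sum(lim.allow(noisy, i * 0.1) for i in range(2000))  # t = 0.0 .. 199.9
    first_excess = lim.allow(noisy, 200.0)     # 2001st request within 5 minutes
    while_throttled = lim.allow(noisy, 230.0)  # still inside the 60 s throttle period
    bystander = lim.allow(quiet, 230.0)        # other client, same instant
    after_drain = lim.allow(noisy, 600.0)      # every earlier hit is now older than 300 s
    return {
        "allowed_before_limit": allowed,
        "first_excess_allowed": first_excess,
        "while_throttled_allowed": while_throttled,
        "bystander_allowed": bystander,
        "after_drain_allowed": after_drain,
        "throttle_events": throttle_events(lim.access_log),
    }


if __name__ == "__main__":
    print(json.dumps(run_scenario(), indent=2))
```

Two points the model makes visible. First, because the window is sliding rather than reset, a client that was throttled can be throttled again the instant its 60 seconds expire if more than 2000 of its accepted requests still fall inside the last 5 minutes; that is consistent with "at least 60 seconds", but an assessor should check that the product under test behaves this way rather than silently resetting the count. Second, the whole control hinges on what "a single client" means: keying on source IP alone lumps every user behind a shared NAT into one bucket, while keying on an `X-Forwarded-For` value the load balancer did not itself set lets an attacker pick a fresh identity per request. The identity the load balancer uses for the key, and where it takes it from, belongs in the evidence for AR01.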