Denial-of-Service (DoS) Protection

kron dam includes built in rate limiting logic to detect and mitigate denial of service (dos) attempts and volumetric anomalies this mechanism restricts excessive query activity based on ip specific or global network thresholds and operates at the sql proxy or agent layer without impacting normal traffic the feature is disabled by default to enable dos protection, the following master parameter must be set dam ddm dos attack protection=true once enabled, rate enforcement follows these rules per ip rate limit is only applied when explicitly enabled by setting the relevant parameter all network rate limit is always active when protection is enabled, regardless of whether a custom value is supplied parameter description default (if defined) dam ddm query rate limit from single ip maximum number of queries allowed per second from a single client ip 100 dam ddm query rate limit from all network aggregate maximum query rate per second from all ips 1000 if a threshold is exceeded immediate action – the sql proxy discards every query that would cause the active rate limit to be violated persistence of block – an offending client ip remains blocked until the proxy service is restarted or the protection parameters are disabled; the list is held only in memory and is cleared at restart it is visible only in the proxy’s application log file setting dam ddm dos attack protection=false (bypasses the entire mechanism, leaving the environment unprotected)