connection_throttle does not work as expected

ys 0

hello good day.

i have already setup the connection_throttle parameters in my environment, but it does not work as expected.

I did a test to simulate concurrent login attempts from the same IP address. I created a script that performs 16 failed login attempts and executed it simultaneously in 5 different PowerShell windows (with slight delays between them).

my configuration:
connection_throttle.bucket_limit = 3
connection_throttle.enable = ON

connection_throttle.factor_bias = 0.1

connection_throttle.hash_entries_max = 10

connection_throttle.reset_time = 5000

connection_throttle.restore_factor = 1

connection_throttle.update_time = 1000

Despite the simulation, I did not observe the expected error: connection throttled from IP address "%s": too many login attempts

log output:

Failed Attempt 3: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 5: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 7: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Successful Attempt 1: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 2: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 4: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 1: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 6: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 8: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 3: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 5: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 2: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 7: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 9: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 4: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 6: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 3: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 8: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 10: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 5: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 7: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 4: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 9: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 11: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 6: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 8: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 5: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 10: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 12: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 7: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 9: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 6: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 11: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 13: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 8: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 10: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 7: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 12: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 14: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 9: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 11: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 8: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 13: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 15: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 10: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 12: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 9: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 14: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 16: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 11: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 13: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 10: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 15: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 12: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 14: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 11: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 16: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 13: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 15: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 12: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 14: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 16: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 13: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 15: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 14: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 16: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 15: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

Failed Attempt 16: Failed

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah@ys-testing"

After running the script, I manually attempted to log in using psql in one of the PowerShell windows and received the following output:

PS C:\Users\XXXXXXXeah\downloads> C:\Users\XXXXXXXeah\Downloads\Test-ConnectionThrottle.ps1

Test completed. Results saved in ConnectionThrottleTest.log

PS C:\Users\XXXXXXXeah\downloads> psql -h ys-testing.postgres.database.azure.com -p 5432 -U XXXXXXXeah -d postgres

psql: error: connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: password authentication failed for user "XXXXXXXeah"

connection to server at "ys-testing.postgres.database.azure.com" (XXX.XXX.XXX.200), port 5432 failed: FATAL: no pg_hba.conf entry for host "XX.XXX.X.62", user "XXXXXXXeah", database "postgres", no encryption

Microsoft Moderators: Removed PII information from the question

However, when I tried logging manually from a new PowerShell window, the connection was successful:

i can see there are a lot of failed connections in my server on the metrics dashboard and also received a suspected security threat email from Microsoft Defender

ASK: may i know if this is the expected behavior of connection_throttle?

i want to understand how long the temporary throttling lasts. Specifically, will it block all login attempts from that IP address until the bucket is refilled with tokens?

lastly, may i know any recommendations for setting the parameter values, for example in a banking industry. is there any documentation i can refer?

Kindly share your ideas on this. thank you

Anonymous

2025-09-18T14:25:14.6666667+00:00

Hi ys.

Thank you for posting your query on Microsoft Q&A!

Just checking to see if you have a chance to check Alex Burlachenko response and do let me know if you have any further questions on this.

Thanks!

Kalyani
Anonymous

2025-09-19T13:06:50.7733333+00:00

Hi ys.

We noticed we haven't received a response from you regarding the last update. If you've found a resolution, we’d greatly appreciate it if you could share it with the community, as it might benefit others. If not, please let us know, and we’ll provide further details and do our best to assist you.

Thanks!

1 answer

Alex Burlachenko 22,120 Reputation points MVP Volunteer Moderator

2025-09-18T08:25:57.3033333+00:00
hi ys! wow, that is a super detailed test you ran. excellent work on documenting everything.

from your logs, it looks like the connection_throttle is not triggering at all. you are right to be concerned. the fact that you got a defender alert about a suspected threat confirms that the system saw the attack pattern, but the postgres parameter did not kick in.

this might be because the connection_throttle parameters in azure postgres are designed to throttle based on successful connections that then become idle or abusive, not necessarily failed login attempts. its focus is more on resource exhaustion than brute force authentication attacks.

for brute force protection, you should rely on azure's built in security features. since you are already getting defender alerts, the system is detecting the threat. you can escalate the response by enabling advanced threat protection for your postgres server. this can automatically block ips that show malicious patterns.

also, check your pg_hba.conf settings. the error you saw about no pg_hba.conf entry suggests that the server is rejecting the connection based on its access rules before the throttling logic even gets a chance to apply.

for banking level security, you should definitely use a virtual network and only allow connections from within that vnet. this eliminates most external attacks. then, use azure private link to connect your applications securely.

here is the deep documentation on azure postgres security. https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-security

hope this points you in the right direction. your testing was thorough. now its time to let azure's higher level security tools do the heavy lifting for you.

Best regards,

Alex
```
and "yes" if you would follow me at Q&A - personaly thx.
P.S. If my answer help to you, please Accept my answer
```
https://ctrlaltdel.blog/
Was this answer helpful?
ys 0 Reputation points

2025-09-19T06:53:30.6033333+00:00

hey Alex, thanks for your precise explanation. i will review your recommendations. appreciate your response!

Anonymous

2025-09-22T08:28:23.3333333+00:00

Hi ys,

Could you please confirm if you have gone through the above response and if that worked for you? If yes then could you please do an "Upvote" or Accept the same as an answer so that it would help other community members.

Thanks!
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Your answer