Given the following:
- ASP.NET Web API application
- Target: .NET Framework 4.6.1
- Hosted as Azure App Service
I wish to restrict the total number of concurrent HTTP requests to the application.
I have looked at https://github.com/stefanprodan/WebApiThrottle but that seems to be focused on different use cases.
I would like the equivalent of this setting in IIS: https://forums.asp.net/t/1683143.aspx?Max+concurrent+requests
This is to avoid attacking a backend service in counterproductive ways.
To avoid the attack, you could restrict the concurrent requests using Dynamic IP Restrictions. If the concurrent requests count is larger than the setting value, the IP address will be blocked.
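<system.webServer>
  <security>
    <dynamicIpSecurity>
      <!-- Deny a client IP address once it has more than 30 requests in flight -->
      <denyByConcurrentRequests enabled="true" maxConcurrentRequests="30"/>
      <!-- Deny a client IP address that sends more than 30 requests within 2000 ms -->
      <denyByRequestRate enabled="true" maxRequests="30" requestIntervalInMilliseconds="2000"/>
    </dynamicIpSecurity>
  </security>
</system.webServer>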
For more information, the link below is for your reference.
Configuring Dynamic IP Address Restrictions in Windows Azure Web Sites
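
The dynamicIpSecurity limits above are counted per client IP address. For the cap on total in-flight requests that the question asks about, one option is a Web API message handler that sheds load once a fixed number of requests are being processed. This is an added example, not code from the question or the answer; the class name `MaxConcurrentRequestsHandler` and the limit of 30 (borrowed from the config above) are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical handler name. The limit applies to one process,
// i.e. to one App Service instance.
public sealed class MaxConcurrentRequestsHandler : DelegatingHandler
{
    private readonly SemaphoreSlim _slots;

    public MaxConcurrentRequestsHandler(int maxConcurrentRequests)
    {
        if (maxConcurrentRequests < 1)
            throw new ArgumentOutOfRangeException(nameof(maxConcurrentRequests));
        _slots = new SemaphoreSlim(maxConcurrentRequests, maxConcurrentRequests);
    }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // Wait(0) never blocks: reject immediately instead of queueing,
        // so excess load is shed rather than piling up in front of the backend.
        if (!_slots.Wait(0))
        {
            var busy = request.CreateResponse(HttpStatusCode.ServiceUnavailable);
            busy.Headers.RetryAfter =
                new RetryConditionHeaderValue(TimeSpan.FromSeconds(1));
            return busy;
        }

        try
        {
            return await base.SendAsync(request, cancellationToken);
        }
        finally
        {
            // Free the slot on success, exception or cancellation.
            _slots.Release();
        }
    }
}

// Registration, e.g. in WebApiConfig.Register(HttpConfiguration config):
//   config.MessageHandlers.Add(new MaxConcurrentRequestsHandler(30));
```

When the App Service plan is scaled out, each instance enforces its own limit, so the backend can see up to the limit multiplied by the instance count.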