CME-906

Rate Limiting / Connection Throttling

Description

Limits the request rate per client IP or per authenticated identity. Mitigates brute-force attacks, credential stuffing, and application-level denial of service by capping how many requests a single client can issue within a time window.
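The following is an added worked example, not part of the CME catalog entry: a per-client token-bucket limiter that keys on the authenticated user when one is known and otherwise on the source IP, which is the mechanism the description above refers to. The class names, the login-burst scenario and all addresses are constructed for illustration.

```python
"""Added example (not CME catalog code): per-client token-bucket rate limiting.

Each client key gets a bucket holding up to `capacity` tokens that refills at
`rate` tokens per second. A request is admitted only if a token is available,
so one client is held to the sustained rate plus a bounded burst, which is what
blunts brute-force and credential-stuffing attempts against an endpoint such
as /login while leaving other clients unaffected.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class _Bucket:
    tokens: float   # tokens currently available
    last: float     # timestamp (seconds) of the last refill calculation


class TokenBucketLimiter:
    def __init__(self, rate: float, capacity: int) -> None:
        if rate <= 0 or capacity <= 0:
            raise ValueError("rate and capacity must be positive")
        self.rate = rate            # sustained tokens per second
        self.capacity = capacity    # maximum burst
        self._buckets: Dict[str, _Bucket] = {}

    def allow(self, key: str, now: float) -> bool:
        """Return True if the request identified by `key` may proceed at time `now`."""
        bucket = self._buckets.get(key)
        if bucket is None:
            # A client seen for the first time starts with a full bucket.
            bucket = _Bucket(tokens=float(self.capacity), last=now)
            self._buckets[key] = bucket
        # Refill in proportion to elapsed time, never above capacity.
        elapsed = max(0.0, now - bucket.last)
        bucket.tokens = min(float(self.capacity), bucket.tokens + elapsed * self.rate)
        bucket.last = now
        if bucket.tokens >= 1.0:
            bucket.tokens -= 1.0
            return True
        return False


def client_key(remote_addr: str, user_id: Optional[str]) -> str:
    """Prefer the authenticated identity; fall back to the source IP.

    Keying on identity where possible stops an attacker from resetting the
    limit by rotating source addresses against one account.
    """
    return f"user:{user_id}" if user_id else f"ip:{remote_addr}"


def simulate_login_burst(limiter: TokenBucketLimiter, remote_addr: str,
                         attempts: int, interval: float) -> Tuple[int, int]:
    """Constructed scenario: `attempts` unauthenticated login requests, `interval`
    seconds apart, all from one source. Returns (admitted, throttled) counts."""
    admitted = throttled = 0
    for i in range(attempts):
        if limiter.allow(client_key(remote_addr, None), now=i * interval):
            admitted += 1
        else:
            throttled += 1
    return admitted, throttled


if __name__ == "__main__":
    # 5 requests per minute sustained, burst of 5 (constructed policy).
    limiter = TokenBucketLimiter(rate=5 / 60, capacity=5)
    print(simulate_login_burst(limiter, "203.0.113.5", attempts=100, interval=0.1))
```

With a policy of five requests per minute and a burst of five, the constructed burst of 100 attempts spaced 100 ms apart admits the first five and throttles the remaining 95; a second client keyed separately is unaffected. The same shape of policy is what an nginx `limit_req_zone` directive expresses, which is what the verification step below checks for.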

CVSS Vector Impacts

Metric                   Transition   Rationale
Availability (A)         H -> L       Single client cannot exhaust application resources
Attack Complexity (AC)   L -> H       Brute-force attacks throttled to impractical speeds

CWE Relationships

Verification

Verify rate limiting is configured

$ grep -r 'limit_req_zone\|rate-limit' /etc/nginx/ 2>/dev/null
# Expected: limit_req_zone
Platform: any