Views:

Applies to Product - Power Pages


What’s happening?
Rate limiting features are not employed to prevent automated attacks against endpoints, allowing adversaries to send large volumes of requests in a short time frame.


Reason:
The WAF (Web Application Firewall) settings may be disabled, preventing the configuration of rate limiting even when the WAF is enabled for the site.


Resolution:
To implement rate limiting, ensure that the WAF is enabled on the production portal.
Check the WAF feature documentation for guidance on configuring rate limiting:

If the rate limit feature is not functional for specific forms, it may be due to the WAF being set to manage the entire portal rather than individual forms. In such cases, consider the overall portal settings and the potential for DDoS attacks if a large volume of requests is detected.
For further assistance, consult the WAF FAQ documentation to set up managed rules for your situation.