Suspicious IP Throttling

Suspicious IP Throttling is an always-on security layer that protects your applications from high-velocity attacks. These attacks occur when a malicious actor from a single IP address rapidly attempts to log in or sign up for many different user accounts. This feature automatically identifies and blocks these sources of malicious traffic to protect your entire user base.

How It Works

Our system continuously monitors the rate of login and signup attempts originating from every IP address globally. When the number of attempts from a single IP exceeds a predefined security threshold within a short period, that IP is flagged as suspicious. Once flagged, the IP is temporarily throttled. Any further login or signup attempts from that IP will receive an HTTP 429 Too Many Requests error, effectively neutralizing the attack vector while legitimate users on other networks remain completely unaffected.

What This Means for You

  • Automatic Protection: There is nothing you need to configure. This protection is active for your tenant 24/7.
  • Admin Notifications: When an IP address is throttled due to suspicious activity, your workspace administrators will receive an email notification, keeping you informed of potential threats.
  • Seamless User Experience: Legitimate users will not be impacted by this feature. It is designed to only target high-velocity, abnormal traffic patterns that are clear indicators of an automated attack.

Handling Shared IPs and Proxies

We understand that some legitimate scenarios, like users connecting from behind a large corporate NAT or proxy, can generate a high volume of traffic from a single IP. If you have a trusted IP address or range that needs to be exempt from throttling, please contact Altostrat support, and we can add it to your tenant’s allowlist.