Bits of .NET

Kestrel has built-in protection against floods, slow clients, and excessive headers.

Key Settings in appsettings.json:

"Kestrel": {
  "Limits": {
    "MaxRequestBodySize": 1048576,
    "KeepAliveTimeout": "00:00:30",
    "RequestHeadersTimeout": "00:00:30"
  }
}

💡 Why This Matters

• Stops slow-loris attacks

• Reduces memory pressure

• Prevents API overload

• Ensures predictable scaling

Bonus

Enable HTTP/2 for better concurrency.