A method and apparatus for mitigating a distributed denial-of-service attack are disclosed. In the method and apparatus a first set of data received from a computer system and addressed to a server is monitored over a first interval to determine whether one or more conditions for limiting computer system data are met. As a result of the one or more conditions for limiting the computer system data being met, a limit is placed on a second set of data provided to the server over a second interval. It is then determined whether one or more conditions for removing the limit are met and as a result of the one or more conditions for removing the limit being met, the limit is removed over an interval subsequent to the second interval.