search with asterisk (*) character

Hi;

In a penetration test, audit asks us to cancel searching with asterisk (*).

Audit says if a attacker tries searching with asterisk again and again, it makes the system unresponsive.

Could you please handle us how we can cancel searching with only asterisk character (but additionaly we should be able to use astersik character for searching with another letter or number in front of or behind the asterisk)?

Best regards

Noyan