9.3 Ensure MaxKeepAliveRequests is Set to a Value of 100 or Greater

Information

The MaxKeepAliveRequests directive limits the number of requests allowed per connection when KeepAlive is on. If it is set to 0, unlimited requests will be allowed.

Rationale:

Setting the MaxKeepAliveRequests directive helps mitigate the risk of Denial of Service (DoS) attacks by reducing the overhead imposed on the server. The directive has no effect unless the KeepAlive directive is enabled. Enabling KeepAlive allows multiple HTTP requests to be sent over the same TCP connection, which reduces the overhead of having to set up and tear down a TCP connection for each request. By making the server more efficient, it will be more resilient to DoS conditions.

Solution

Perform the following to implement the recommended state:
Add or modify the MaxKeepAliveRequests directive in the Apache configuration to have a value of 100 or more.

MaxKeepAliveRequests 100

Default Value:

MaxKeepAliveRequests 100
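
An added example, not part of the benchmark text: a Python check that reads the text of one Apache configuration file and reports whether it meets this recommendation, including the requirement that KeepAlive be enabled. It assumes the last occurrence of a directive wins, does not follow Include directives or per-VirtualHost overrides, and treats 0 (unlimited) as failing a strict reading of "100 or greater"; the function name and sample configurations are constructed for illustration.

```python
import re

# Matches only the two exact directive names (case-insensitive, as Apache
# treats them); "KeepAliveTimeout" and commented-out lines do not match.
DIRECTIVE = re.compile(r"^\s*(KeepAlive|MaxKeepAliveRequests)\s+(\S+)", re.I)

def audit_max_keepalive(conf_text):
    """Return (compliant, reason) for one Apache config file's text."""
    keepalive = "on"     # Apache default when KeepAlive is absent
    max_requests = 100   # default value stated in this recommendation
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2).strip('"')
        if name == "keepalive":
            keepalive = value.lower()
        else:
            if not re.fullmatch(r"[0-9]+", value):
                return (False, f"MaxKeepAliveRequests has non-numeric value {value!r}")
            max_requests = int(value)   # assumption: last occurrence wins
    if keepalive != "on":
        return (False, "KeepAlive is not On, so MaxKeepAliveRequests has no effect")
    if max_requests == 0:
        # Assumption: 0 (unlimited) fails a strict reading of "100 or greater".
        return (False, "MaxKeepAliveRequests 0 allows unlimited requests")
    if max_requests < 100:
        return (False, f"MaxKeepAliveRequests {max_requests} is below 100")
    return (True, f"KeepAlive On, MaxKeepAliveRequests {max_requests}")

# Constructed sample configurations, not taken from a real server.
SAMPLES = {
    "defaults only": "ServerName example.test\nKeepAliveTimeout 5\n",
    "too low": "KeepAlive On\nMaxKeepAliveRequests 50\n",
    "keepalive off": "KeepAlive Off\nMaxKeepAliveRequests 100\n",
    "unlimited": "MaxKeepAliveRequests 0\n",
    "override": "MaxKeepAliveRequests 10\n# MaxKeepAliveRequests 5\nmaxkeepaliverequests 200\n",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        ok, reason = audit_max_keepalive(text)
        print(f"{'PASS' if ok else 'FAIL'}  {label}: {reason}")
```
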

See Also

https://workbench.cisecurity.org/files/4548