2.4.4 Ensure send_timeout is set to 10 seconds or less, but not 0

Information

The send_timeout directive sets a timeout for transmitting a response to the client between two successive write operations.

Rationale:

Setting the send_timeout directive on the server side helps mitigate slow HTTP denial of service attacks by ensuring write operations taking up large amounts of time are closed.

Solution

Find the HTTP or server block of your nginx configuration, and add the send_timeout directive. Set it to 10 seconds or less, but not 0.

send_timeout 10;

Default Value:

send_timeout 60s;

See Also

https://workbench.cisecurity.org/benchmarks/17381

Item Details

Category: SYSTEM AND SERVICES ACQUISITION

References: 800-53|SA-3, CSCv7|18.1

Plugin: Unix

Control ID: 6d5d0e686642c13faddabab3c61fbae5843300f68ece1d53568e7e1db54728ee