WG110 A22 - The number of allowed simultaneous requests must be set.

Information

Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a web site, facilitating a denial of service attack. Mitigating this kind of attack will include limiting the number of concurrent HTTP/HTTPS requests per IP address and may include, where feasible, limiting parameter values associated with keepalive, (i.e., a parameter used to limit the amount of time a connection may be inactive).

Solution

Edit the httpd.conf file and set the MaxKeepAliveRequests directive to 100 or greater.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_UNIX_V1R10_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-6, CAT|II, Rule-ID|SV-33018r1_rule, STIG-ID|WG110, Vuln-ID|V-2240

Plugin: Unix

Control ID: 6a666ec1e35939769dd84329515e9497a4fa56b438860455edc1896590ef3255