WG110 A22 - The number of allowed simultaneous requests must be set.

Information

Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a web site, facilitating a denial of service attack. Mitigating this kind of attack will include limiting the number of concurrent HTTP/HTTPS requests per IP address and may include, where feasible, limiting parameter values associated with keepalive, (i.e., a parameter used to limit the amount of time a connection may be inactive).

Solution

Edit the httpd.conf file and set the MaxKeepAliveRequests directive to 100 or greater.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_UNIX_V1R11_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-6, CAT|II, Rule-ID|SV-33018r1_rule, STIG-ID|WG110_A22, Vuln-ID|V-2240

Plugin: Unix

Control ID: 6b50ae1940c70d4f8c4908fca62afed5462328074bb3be2f7e9861ad49b08766