37 - Configure maxHttpHeaderSize

Information

The maxHttpHeaderSize limits the size of the request and response headers and is defined in bytes. If not specified, the default is 8192 bytes.

Limiting the size of the header request can help protect against Denial of Service requests.

Solution

Within $JETTY_HOME/etc/server.xml ensure each connector is configured to the appropriate maxHttpHeaderSize setting.
maxHttpHeaderSize="8192"

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5

Plugin: Unix

Control ID: 3e742554c4e53ff798c216b32e767a9534b071520b06455ce6cdef25cf336a1c