Timeout value parameter value should be appropriately configured

Information

The Timeout directive tells the server how long to wait to receive a GET request, the amount of time between receipt of TCP packets on a POST or PUT request, or the amount of time between ACKs on transmissions of TCP packets in responses. In order to prevent a denial of service attack from shutting down our web server, we need to change the default setting of 300 (which is 5 minutes) to 60 (which is 1 minute). You may even adjust this setting to be lower than 60.

Solution

Change the default setting of Timeout parameter in httpd.conf file from 300 (which is 5 minutes) to 60 (which is 1 minute).

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-12

Plugin: Unix

Control ID: 3ac4fa67498569fe27796fea386a2765fe1f184cd5c6b05147411eb81cae6449