3.11 - Domain HTTP Post Timeout is not set

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The Post Timeout value is the amount of time servers in this domain wait between receiving chunks of data in an HTTP POST request before it times out. This setting is made at the domain level, but can also be made at the server level (see Server HTTP Post Timeout). A server level value will override the domain value, but if a server value has not been set, this domain level value is used.

If this value is not set securely, a malicious user could succeed in a denial-of-service attack by overloading the server with POST data.

Solution

1. Login to the Administration Console.
2. In the Change Center, click Lock & Edit.
3. In the left pane, select the Domain name.
4. Select Configuration > Web Applications.
5. Ensure that the 'Post Timeout' value is set to [30].
6. If necessary, click Save.
7. To activate these changes, in the Change Center of the Administration Console, Click Activate Changes.

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5

Plugin: Unix

Control ID: c0d75c7444ae9539e058c1db4233977f257bec51f0858fb07e7d71761e20b192