Check: AS24-W1-000830
Apache Server 2.4 Windows Server STIG:
AS24-W1-000830
(in versions v2 r3 through v1 r0.1)
Title
The Apache web server must be tuned to handle the operational requirements of the hosted application. (Cat II impact)
Discussion
A denial of service (DoS) can occur when the Apache web server is so overwhelmed that it can no longer respond to additional requests. A web server not properly tuned may become overwhelmed and cause a DoS condition even with expected traffic from users. To avoid a DoS, the Apache web server must be tuned to handle the expected traffic for the hosted applications.
Check Content
Verify the "Timeout" directive is specified in the Apache configuration files to have a value of "10" seconds or less. If the "Timeout" directive is not configured or set for more than "10" seconds, this is a finding.
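An added example, not part of the STIG text: a PowerShell function that applies this check to Apache configuration text. The function name `Test-ApacheTimeout`, the sample fragment and its `C:/Apache24` path are constructed for illustration. Reporting a finding when any "Timeout" line, including one inside a virtual host, exceeds the limit is an assumption about how to read the check conservatively.

```powershell
# Added example: evaluate Apache config text against the check's 10-second limit.
function Test-ApacheTimeout {
    param(
        [string]$ConfigText,
        [int]$MaxSeconds = 10
    )
    $found = @()
    $lineNo = 0
    foreach ($line in ($ConfigText -split '\r?\n')) {
        $lineNo++
        # -match is case-insensitive, as Apache directive names are. Anchoring at
        # the start of the line skips commented-out lines and the unrelated
        # KeepAliveTimeout / ProxyTimeout / RequestReadTimeout directives.
        if ($line -match '^\s*Timeout\s+"?(\d+)"?\s*$') {
            $found += [pscustomobject]@{ Line = $lineNo; Seconds = [int]$Matches[1] }
        }
    }
    $overLimit = @($found | Where-Object { $_.Seconds -gt $MaxSeconds })
    if ($found.Count -eq 0) {
        $reason = 'Timeout directive not configured'
    } elseif ($overLimit.Count -gt 0) {
        $reason = "Timeout set above $MaxSeconds seconds"
    } else {
        $reason = 'Compliant'
    }
    [pscustomobject]@{
        Directives = $found
        Finding    = ($reason -ne 'Compliant')
        Reason     = $reason
    }
}

# Constructed sample configuration fragment (not taken from a real server).
$sample = @'
ServerRoot "C:/Apache24"
#Timeout 5
KeepAliveTimeout 5
TimeOut 60
<VirtualHost *:443>
    Timeout 10
</VirtualHost>
'@

$result = Test-ApacheTimeout -ConfigText $sample
$result.Directives | Format-Table Line, Seconds
"Finding: $($result.Finding) ($($result.Reason))"
```

On a server, pass the output of `Get-Content -Raw` for the main configuration file and repeat for every file it pulls in through `Include`, since this function does not follow includes.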
Fix Text
Add or modify the "Timeout" directive in the Apache configuration to have a value of "10" seconds or less.

"Timeout 10"

Restart the Apache service.
Additional Identifiers
Rule ID: SV-214354r879806_rule
Vulnerability ID: V-214354
Group Title: SRG-APP-000435-WSR-000148
CCIs
Number | Definition |
---|---|
CCI-002385 | The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards. |
Controls
Number | Title |
---|---|
SC-5 | Denial Of Service Protection |