Check: AS24-W2-000830
Apache Server 2.4 Windows Site STIG:
AS24-W2-000830
(in versions v2 r1 through v1 r0.1)
Title
The Apache web server must be tuned to handle the operational requirements of the hosted application. (Cat II impact)
Discussion
A denial of service (DoS) can occur when the web server is so overwhelmed that it can no longer respond to additional requests. A web server not properly tuned may become overwhelmed and cause a DoS condition even with expected traffic from users. To avoid a DoS, the web server must be tuned to handle the expected traffic for the hosted applications. Satisfies: SRG-APP-000435-WSR-000148, SRG-APP-000246-WSR-000149
Check Content
Review the <'INSTALLED PATH'>\conf\httpd.conf file. Verify the "Timeout" directive is specified to have a value of "10" seconds or less. If the "Timeout" directive is not configured or is set for more than "10" seconds, this is a finding.
Fix Text
Add or modify the "Timeout" directive in the Apache configuration to have a value of "10" seconds or less. "Timeout 10"
Additional Identifiers
Rule ID: SV-214392r400402_rule
Vulnerability ID: V-214392
Group Title: SRG-APP-000435-WSR-000148
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001094 |
The information system restricts the ability of individuals to launch organization-defined denial of service attacks against other information systems. |
CCI-002385 |
The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards. |