The rhttpproxy must set a limit on established connections. (Cat II impact)
The rhttpproxy client connections must be limited to preserve system resources and continue servicing connections without interruption. Without a limit set, the system would be vulnerable to a trivial denial-of-service attack where connections are created en masse and vCenter resources are entirely consumed. The rhttpproxy comes configured with a tested and supported value that must be maintained.
At the command prompt, execute the following command:

# xmllint --xpath '/config/vmacore/http/maxConnections' /etc/vmware-rhttpproxy/config.xml

Expected result:

<maxConnections> 2048 </maxConnections>

If the output does not match the expected result, this is a finding.
Navigate to and open /etc/vmware-rhttpproxy/config.xml.

Locate the <config>/<vmacore>/<http> block and configure <maxConnections> as follows:

<maxConnections> 2048 </maxConnections>

Restart the service for changes to take effect.

# vmon-cli --restart rhttpproxy
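The check above, as an added example that is not part of the original guidance or of VMware's tooling: it parses config.xml and compares the value numerically, so whitespace around 2048 does not matter and a missing, duplicated or non-numeric <maxConnections> is reported as a finding. The function name check_max_connections and the sample documents are assumptions constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

EXPECTED_MAX_CONNECTIONS = 2048  # value the page gives as the expected result
XPATH = "./vmacore/http/maxConnections"  # relative to the <config> root

# Constructed sample inputs (not taken from a real appliance).
SAMPLE_COMPLIANT = """<config>
  <vmacore>
    <http>
      <maxConnections> 2048 </maxConnections>
    </http>
  </vmacore>
</config>"""
SAMPLE_MISSING = "<config><vmacore><http/></vmacore></config>"
SAMPLE_RAISED = SAMPLE_COMPLIANT.replace("2048", "65536")


def check_max_connections(xml_data):
    """Return (is_finding, reason) for rhttpproxy config.xml content."""
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError as exc:
        return True, f"config.xml is not well-formed XML: {exc}"
    if root.tag != "config":
        return True, f"unexpected root element <{root.tag}>"
    nodes = root.findall(XPATH)
    if not nodes:
        return True, "maxConnections is not set"
    if len(nodes) > 1:
        return True, f"maxConnections appears {len(nodes)} times"
    raw = (nodes[0].text or "").strip()
    if not raw.isdecimal():
        return True, f"maxConnections is not a number: {raw!r}"
    if int(raw) != EXPECTED_MAX_CONNECTIONS:
        return True, f"maxConnections is {raw}, expected {EXPECTED_MAX_CONNECTIONS}"
    return False, "maxConnections matches the expected value"


if __name__ == "__main__":
    # Path from the page; pass another path as argv[1] to check a copy.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/vmware-rhttpproxy/config.xml"
    with open(path, "rb") as fh:
        finding, reason = check_max_connections(fh.read())
    print(("FINDING: " if finding else "OK: ") + reason)
    sys.exit(1 if finding else 0)
```

The script exits non-zero on a finding, so it can be run again after the service restart to confirm the fix.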
The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.
Concurrent Session Control