9.1 Ensure the TimeOut Is Set to 10 or Less


Denial of Service (DoS) is an attack technique with the intent of preventing a web site from serving normal user activity. DoS attacks, which are normally applied to the network layer, are also possible at the application layer. These malicious attacks can succeed by starving a system of critical resources, exploiting a vulnerability, or abusing functionality. Although there is no 100% solution for preventing DoS attacks, the following recommendation uses the Timeout directive to mitigate some of the risk by requiring more effort for a successful DoS attack. DoS conditions can also arise unintentionally, and these directives will help in many of those situations as well.


One common technique for DoS is to initiate many connections to the server. By decreasing the timeout for old connections, we allow the server to free up resources more quickly and be more responsive. By making the server more efficient, it will be more resilient to DoS conditions. The Timeout directive affects several timeout values for Apache, so review the Apache documentation carefully: http://httpd.apache.org/docs/2.4/mod/core.html#timeout


Perform the following to implement the recommended state:
Add or modify the Timeout directive in the Apache configuration to have a value of 10 seconds or shorter.

Timeout 10

Default Value:

Timeout 60
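
One way to audit a configuration file against this recommendation, as an added example that is not part of the benchmark or of Apache itself. It assumes a single file is checked at a time (Include directives are not followed) and, conservatively, that every Timeout directive in the file must meet the limit; the function name and sample config are constructed for illustration.

```shell
# audit_timeout FILE [MAX]
# Exit 0 if FILE sets Timeout at least once and every value is <= MAX
# (default 10); exit 1 otherwise. Prints a one-line verdict per finding.
audit_timeout() {
    awk -v max="${2:-10}" '
        {
            line = $0
            sub(/\r$/, "", line)               # tolerate CRLF files
            sub(/^[ \t]+/, "", line)           # directives may be indented
            if (line == "" || line ~ /^#/) next
            n = split(line, f, /[ \t]+/)
            # Directive names are case-insensitive. Compare the whole name so
            # KeepAliveTimeout, ProxyTimeout etc. are not mistaken for Timeout.
            if (tolower(f[1]) != "timeout") next
            seen++
            if (n < 2 || f[2] !~ /^[0-9]+$/ || f[2] + 0 > max + 0) {
                printf "FAIL: line %d: %s\n", NR, line
                bad++
            }
        }
        END {
            # An absent directive means the default (60) is in effect.
            if (!seen) { print "FAIL: Timeout not set, default of 60 applies"; exit 1 }
            if (bad) exit 1
            printf "PASS: %d Timeout directive(s), all <= %d\n", seen, max
        }
    ' "$1"
}

# Constructed sample config (not from a real server): the global value is
# compliant, but a virtual host overrides it with a longer timeout.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Timeout 5
KeepAliveTimeout 15
Timeout 10
<VirtualHost *:80>
    TimeOut 300
</VirtualHost>
EOF
audit_timeout "$sample" || echo "sample config does not meet the recommendation"
rm -f "$sample"
```

Run the function against each file that the main configuration includes, since an override in any of them changes the value in effect for that context.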

Item Details


References: 800-53|SC-7(8), CSCv7|9

Plugin: Unix

Control ID: efb9e44bd5905934bf7a1a96ab0df2a7830dc5d20acd9ae3ccf217e87dfc0ef3