Ensure REST Connection Limit is Set


If the REST API service is configured, the Connection Limit should be set.


The REST API may be accessed remotely, using either HTTP (though this is not recommended) or HTTPS.

An attacker may attempt to open a large number of sessions to the REST API service to exhaust the router's resources, or an authorized user may do so accidentally, especially given that the service is designed to provide an automation interface to JUNOS.

To limit the impact of any such incident, the number of concurrent connections to the REST API service should be explicitly limited.

A relatively low value of 10 is recommended, but this may not be appropriate for all environments, so the value is left to the administrator's discretion.


If the connection limit has been reached, additional REST API sessions will be rejected until an existing session has ended.

NOTE: REST does not appear to be configured on the target. This check is not applicable.


To enable a REST API Connection Limit, enter the following command at the [edit system services rest] hierarchy:

[edit system services rest]
user@host# set control connection-limit <limit>

Where <limit> is the desired Connection Limit.

Default Value:

The REST API Service is disabled by default. When enabled, the default Connection Limit for most platforms is 64.
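The check described above can be run offline against a saved configuration. The following is an added example, not part of the original benchmark or plugin: it assumes the configuration was exported in "display set" form, treats "deactivate" lines as disabling everything beneath them, and uses constructed sample configurations and hypothetical function names.

```python
REST = "system services rest"
LIMIT = REST + " control connection-limit"

def _under(path, prefix):
    """True if `path` is `prefix` itself or a statement beneath it."""
    return path == prefix or path.startswith(prefix + " ")

def check_rest_connection_limit(display_set_text):
    """Return (status, limit) for a Junos config in 'display set' form.

    NOT_APPLICABLE: REST is absent or inactive.
    FAIL: REST is active but no explicit connection-limit is active,
          so the platform default applies.
    PASS: an explicit connection-limit is active; limit is its value.
    """
    active, inactive = [], []
    for raw in display_set_text.splitlines():
        verb, _, path = " ".join(raw.split()).partition(" ")
        if not _under(path, REST):
            continue
        if verb == "set":
            active.append(path)
        elif verb == "deactivate":
            inactive.append(path)
    # A statement is live only if no deactivated ancestor covers it.
    live = [p for p in active if not any(_under(p, d) for d in inactive)]
    if not live:
        return ("NOT_APPLICABLE", None)
    for path in live:
        value = path[len(LIMIT):].strip() if _under(path, LIMIT) else ""
        if value.isdigit():
            return ("PASS", int(value))
    return ("FAIL", None)

# Constructed sample configurations (not taken from a real device).
NO_REST = "set system services ssh root-login deny\nset system services netconf ssh"
REST_NO_LIMIT = ("set system services rest http port 3000\n"
                 "set system services rest control allowed-sources 192.0.2.10")
REST_LIMIT = REST_NO_LIMIT + "\nset system services rest control connection-limit 10"
LIMIT_INACTIVE = REST_LIMIT + "\ndeactivate system services rest control connection-limit"
REST_INACTIVE = REST_LIMIT + "\ndeactivate system services rest"

if __name__ == "__main__":
    for name in ("NO_REST", "REST_NO_LIMIT", "REST_LIMIT",
                 "LIMIT_INACTIVE", "REST_INACTIVE"):
        print(name, check_rest_connection_limit(globals()[name]))
```

A FAIL result means the device falls back to the platform default described above rather than a limit chosen by the administrator.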

Item Details


References: 800-53|AC-6(10), CSCv7|4.7

Plugin: Juniper

Control ID: a55b225eaec512f09ef49a149bbfd0e10b18cf18de3e36eb30cc01fb26e22109