AS24-U1-000590 - The Apache web server must be tuned to handle the operational requirements of the hosted application.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

A denial of service (DoS) can occur when the Apache web server is so overwhelmed that it can no longer respond to additional requests. A web server not properly tuned may become overwhelmed and cause a DoS condition even with expected traffic from users. To avoid a DoS, the Apache web server must be tuned to handle the expected traffic for the hosted applications.

Satisfies: SRG-APP-000246-WSR-000149, SRG-APP-000435-WSR-000148

Solution

Determine the location of the 'HTTPD_ROOT' directory and the 'httpd.conf' file:

# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT='/etc/httpd'
-D SERVER_CONFIG_FILE='conf/httpd.conf'

Add or modify the 'Timeout' directive to have a value of '10' seconds or less:

'Timeout 10'

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apache_Server_2-4_UNIX_Y22M01_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5, CAT|II, CCI|CCI-001094, CCI|CCI-002385, Rule-ID|SV-214255r612240_rule, STIG-ID|AS24-U1-000590, STIG-Legacy|SV-102785, STIG-Legacy|V-92697, Vuln-ID|V-214255

Plugin: Unix

Control ID: 96424c6f1d0e10bbdea73467ca2eb6fe948e4f64daaed41087a214c6a09ff20a