
AS24-U1-000590 – The Apache web server must be tuned to handle the operational requirements of the hosted application.

Details

A denial of service (DoS) can occur when the Apache web server is so overwhelmed that it can no longer respond to additional requests. A web server not properly tuned may become overwhelmed and cause a DoS condition even with expected traffic from users. To avoid a DoS, the Apache web server must be tuned to handle the expected traffic for the hosted applications.

Satisfies: SRG-APP-000246-WSR-000149, SRG-APP-000435-WSR-000148

Solution

Determine the location of the ‘HTTPD_ROOT’ directory and the ‘httpd.conf’ file:

# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Add or modify the ‘Timeout’ directive to have a value of 10 seconds or less:

Timeout 10
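
One way to audit this setting is shown below. It is an added example, not part of the STIG or of Apache. The helper names effective_timeout and check_timeout are hypothetical, and the script assumes a single flat config file: it does not follow Include directives or distinguish VirtualHost blocks.

```shell
#!/bin/sh
# Added example: audit the Timeout directive in one Apache config file.
# effective_timeout and check_timeout are hypothetical helper names.

MAX_TIMEOUT=10        # limit required by this control
DEFAULT_TIMEOUT=60    # Apache 2.4 built-in value when no Timeout is set

# Print the effective Timeout for a file. Directive names are
# case-insensitive and the last occurrence wins. A commented-out line
# never matches because its first field starts with '#'.
effective_timeout() {
    awk -v def="$DEFAULT_TIMEOUT" '
        BEGIN { val = def }
        tolower($1) == "timeout" && $2 ~ /^[0-9]+$/ { val = $2 }
        END { print val }
    ' "$1"
}

# Return 0 if the file satisfies the control, 1 if it does not,
# 2 if the file cannot be read.
check_timeout() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf" >&2; return 2; }
    t=$(effective_timeout "$conf")
    if [ "$t" -le "$MAX_TIMEOUT" ]; then
        echo "PASS: Timeout $t in $conf"
        return 0
    fi
    echo "FAIL: Timeout $t in $conf exceeds $MAX_TIMEOUT"
    return 1
}

# Usage: sh check_timeout.sh /etc/httpd/conf/httpd.conf
# With no argument, run against a constructed sample (not a real config).
if [ $# -gt 0 ]; then
    check_timeout "$1"
else
    sample=$(mktemp)
    printf 'Timeout 60\nKeepAlive On\ntimeout 10\n' > "$sample"
    check_timeout "$sample" || true
    rm -f "$sample"
fi
```

A file with no Timeout line fails the check, because the server then runs with its 60-second default.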

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Unix.

Updated on July 16, 2022