Details

Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a web site, facilitating a denial of service attack. Mitigating this kind of attack will include limiting the number of concurrent HTTP/HTTPS requests per IP address and may include, where feasible, limiting parameter values associated with keepalive, (i.e., a parameter used to limit the amount of time a connection may be inactive).

Solution

Edit the httpd.conf file and set the MaxKeepAliveRequests directive to 100 or greater.

Supportive Information

The following resource is also helpful.

• https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_UNIX_V1R11_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.

References

• 800-53|SC-6.
• CAT|II
• Rule-ID|SV-33018r1_rule
• STIG-ID|WG110_A22
• Vuln-ID|V-2240

Source

• Tenable.com/audits