UCF STIG Viewer Logo

The number of allowed simultaneous requests must be set.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2240 WG110 W22 SV-33105r2_rule Medium
Description
Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a web site, facilitating a denial of service attack. Mitigating this kind of attack will include limiting the number of concurrent HTTP/HTTPS requests per IP address and may include, where feasible, limiting parameter values associated with keepalive, (i.e., a parameter used to limit the amount of time a connection may be inactive).
STIG Date
APACHE 2.2 Site for Windows Security Implementation Guide 2017-10-02

Details

Check Text ( C-33766r2_chk )
NOTE: This setting must be explicitly set.

Locate the Apache httpd.conf file.

If unable to locate the file, perform a search of the system to find the location of the file.

Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: MaxKeepAliveRequests

Every enabled MaxKeepAliveRequests value needs to be 100 or greater. If any directive is less than 100, this is a finding.
Fix Text (F-29403r1_fix)
Set the MaxKeepAliveRequests directive to 100 or greater.