Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Apache web server must be tuned to handle the operational requirements of the hosted application.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-92579 | AS24-W2-000830 | SV-102667r1_rule | Medium |
| Description |
|---|
| A denial of service (DoS) can occur when the web server is so overwhelmed that it can no longer respond to additional requests. A web server not properly tuned may become overwhelmed and cause a DoS condition even with expected traffic from users. To avoid a DoS, the web server must be tuned to handle the expected traffic for the hosted applications. Satisfies: SRG-APP-000435-WSR-000148, SRG-APP-000246-WSR-000149 |
| STIG | Date |
|---|---|
| Apache Server 2.4 Windows Site Security Technical Implementation Guide | 2020-06-17 |
Details
| Check Text ( C-91883r1_chk ) |
|---|
| Review the <'INSTALLED PATH'>\conf\httpd.conf file. Verify the "Timeout" directive is specified to have a value of "10" seconds or less. If the "Timeout" directive is not configured or is set for more than "10" seconds, this is a finding. |
| Fix Text (F-98821r1_fix) |
|---|
| Add or modify the "Timeout" directive in the Apache configuration to have a value of "10" seconds or less. "Timeout 10" |