
OHS must be tuned to handle the operational requirements of the hosted application.


Overview

Finding ID: V-64529
Version: OH12-1X-000307
Rule ID: SV-79019r1_rule
IA Controls:
Severity: Medium
Description
A Denial of Service (DoS) can occur when the web server is so overwhelmed that it can no longer respond to additional requests. A web server not properly tuned may become overwhelmed and cause a DoS condition even with expected traffic from users. To avoid a DoS, the web server must be tuned to handle the expected traffic for the hosted applications.
STIG: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
Date: 2020-06-12

Details

Check Text (C-65281r1_chk)
1. Check to see if the following directives have been set appropriately for the server and application:
MaxClients
MPM Module
-worker (StartServers, MinSpareThreads, MaxSpareThreads, ThreadsPerChild)
Timeout
KeepAlive
KeepAliveTimeout
MaxKeepAliveRequests
ListenBacklog
LimitRequestBody
LimitRequestFields
LimitRequestFieldSize
LimitRequestLine
LimitXMLRequestBody
LimitInternalRecursion

2. If the above directives have not been set to address the specific needs of the web server and applications, this is a finding.
Fix Text (F-70459r1_fix)
Set the following directives appropriately for the server and application:
MaxClients
MPM Module
-worker (StartServers, MinSpareThreads, MaxSpareThreads, ThreadsPerChild)
Timeout
KeepAlive
KeepAliveTimeout
MaxKeepAliveRequests
ListenBacklog
LimitRequestBody
LimitRequestFields
LimitRequestFieldSize
LimitRequestLine
LimitXMLRequestBody
LimitInternalRecursion
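
The first step of the check can be scripted. The following is an added example, not part of the STIG: it reports which of the listed directives are set explicitly in a configuration and which are left at server defaults. The function name audit_directives and the sample configuration are constructed for illustration; whether each value suits the server and application remains a reviewer's judgment.

```python
# Directives named in the check text; worker MPM settings are listed individually.
REQUIRED = [
    "MaxClients", "StartServers", "MinSpareThreads", "MaxSpareThreads",
    "ThreadsPerChild", "Timeout", "KeepAlive", "KeepAliveTimeout",
    "MaxKeepAliveRequests", "ListenBacklog", "LimitRequestBody",
    "LimitRequestFields", "LimitRequestFieldSize", "LimitRequestLine",
    "LimitXMLRequestBody", "LimitInternalRecursion",
]

def audit_directives(conf_text):
    """Return (found, missing); found maps directive -> [(line_no, value), ...]."""
    canonical = {name.lower(): name for name in REQUIRED}
    found = {}
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, comments, and section tags such as <IfModule ...>.
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = line.split(None, 1)
        name = canonical.get(parts[0].lower())  # directive names are case-insensitive
        if name:
            value = parts[1].strip() if len(parts) > 1 else ""
            found.setdefault(name, []).append((line_no, value))
    missing = [name for name in REQUIRED if name not in found]
    return found, missing

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
Timeout 60
KeepAlive On
keepalivetimeout 5
#MaxKeepAliveRequests 100
<IfModule mpm_worker_module>
    StartServers 3
    MinSpareThreads 75
    MaxSpareThreads 250
    ThreadsPerChild 25
    MaxClients 400
</IfModule>
LimitRequestBody 10485760
LimitRequestLine 8190
"""

if __name__ == "__main__":
    found, missing = audit_directives(SAMPLE_CONF)
    for name, hits in found.items():
        print(f"SET     {name}: {hits}")
    for name in missing:
        print(f"REVIEW  {name}: not set explicitly, server default applies")
```

A directive that appears more than once is listed with every line number so the reviewer can see which setting applies in which context.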