HAProxy must set the maxconn value.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-89217 | VRAU-HA-000490 | SV-99867r1_rule | Medium |
| Description |
|---|
| Limiting the total number of connections that a server is allowed to open prevents an attacker from overloading a web server. Overloading the server will prevent it from managing other tasks besides serving web requests. This setting works together with per-client limits to mitigate against DDoS attacks. |
| STIG | Date |
|---|---|
| VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide | 2018-10-12 |
Details
| Check Text ( C-88909r1_chk ) |
|---|
| At the command line execute the following command: grep maxconn /etc/haproxy/haproxy.cfg If the "maxconn" value is not set to "32768", this is a finding. |
| Fix Text (F-95959r1_fix) |
|---|
| Navigate to and open /etc/haproxy/haproxy.cfg Navigate to the "globals" section and add the following line: maxconn 32768 |