
The rhttpproxy must drop connections to disconnected clients.


Overview

Finding ID: V-240716
Version: VCRP-67-000001
Rule ID: SV-240716r679661_rule
IA Controls: (none listed)
Severity: Medium
Description
The rhttpproxy client connections that are established but no longer connected can consume resources that might otherwise be required by active connections. It is a best practice to terminate connections that are no longer connected to an active client.
STIG: VMware vSphere 6.7 RhttpProxy Security Technical Implementation Guide
Date: 2022-01-03

Details

Check Text (C-43949r679659_chk)
At the command prompt, execute the following command:

# xmllint --xpath '/config/vmacore/tcpKeepAlive/clientSocket/idleTimeSec' /etc/vmware-rhttpproxy/config.xml

Expected result:

<idleTimeSec>900</idleTimeSec>

If the output does not match the expected result, this is a finding.
Fix Text (F-43908r679660_fix)
Navigate to and open /etc/vmware-rhttpproxy/config.xml.

Locate the <config>/<vmacore>/<tcpKeepAlive>/<clientSocket> block and configure <idleTimeSec> as follows:

<idleTimeSec>900</idleTimeSec>

Restart the service for changes to take effect.

# vmon-cli --restart rhttpproxy
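
An added example, not part of the STIG or of VMware's tooling: the check above scripted in Python so it can be run across many appliances. It compares the element text strictly to 900 and reports a missing, duplicated or commented-out idleTimeSec as a finding; check_idle_timeout is a hypothetical helper name and the sample documents are constructed fragments.

```python
import sys
import xml.etree.ElementTree as ET

# Element path and required value come from the STIG check text.
SETTING = "vmacore/tcpKeepAlive/clientSocket/idleTimeSec"  # relative to <config>
REQUIRED = "900"

def check_idle_timeout(config_xml):
    """Return (is_finding, reason) for VCRP-67-000001 (hypothetical helper)."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError as exc:
        return True, f"config is not well-formed XML: {exc}"
    if root.tag != "config":
        return True, f"unexpected root element <{root.tag}>"
    # XML comments are dropped by the parser, so a commented-out setting
    # is seen as absent (a plain text search for 900 would not notice).
    nodes = root.findall(SETTING)
    if len(nodes) != 1:
        return True, f"expected exactly one idleTimeSec element, found {len(nodes)}"
    value = nodes[0].text or ""
    if value != REQUIRED:
        return True, f"idleTimeSec is {value!r}, expected {REQUIRED!r}"
    return False, "idleTimeSec is 900"

# Constructed sample documents (minimal fragments, not a real config.xml).
COMPLIANT = """<config><vmacore><tcpKeepAlive><clientSocket>
  <idleTimeSec>900</idleTimeSec>
</clientSocket></tcpKeepAlive></vmacore></config>"""
WRONG_VALUE = COMPLIANT.replace("900", "0")
COMMENTED_OUT = COMPLIANT.replace("<idleTimeSec>900</idleTimeSec>",
                                  "<!-- <idleTimeSec>900</idleTimeSec> -->")
MISSING_BLOCK = "<config><vmacore/></config>"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real file, e.g. /etc/vmware-rhttpproxy/config.xml
        with open(sys.argv[1], "rb") as fh:
            samples = {sys.argv[1]: fh.read()}
    else:
        samples = {"compliant": COMPLIANT, "wrong value": WRONG_VALUE,
                   "commented out": COMMENTED_OUT, "missing": MISSING_BLOCK}
    results = {name: check_idle_timeout(xml) for name, xml in samples.items()}
    for name, (finding, reason) in results.items():
        print(f"{name}: {'FINDING' if finding else 'OK'} - {reason}")
    sys.exit(1 if any(f for f, _ in results.values()) else 0)
```

Run with a file path as the only argument to audit that file; the exit status is 1 when any finding is reported.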