UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The number of allowed simultaneous requests will be limited for web sites.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2240 WG110 SV-2240r6_rule DCBP-1 Medium
Description
Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a web site, facilitating a denial of service attack. Mitigating this kind of attack will include limiting the number of concurrent HTTP/HTTPS requests per IP address and may include, where feasible, limiting parameter values associated with keepalive, (i.e., a parameter used to limit the amount of time a connection may be inactive).
STIG Date
Web Server STIG 2010-10-07

Details

Check Text ( C-29061r1_chk )
The reviewer will query the IAO, the SA, the web administrator, or developers as necessary to determine if the web server is configured to permit an unlimited number of HTTP requests. Not all web servers have this capability.

If the web server you are reviewing cannot be configured to limit HTTP requests, mark this check as Not Applicable.

Ask the web administrator to provide you with the number of HTTP requests the server is configured to accept. The provided number indicates an HTTP request limitation and satisfies the requirement.

If the web administrator cannot provide this information, this is a finding.



Fix Text (F-26067r1_fix)
Configure the web server to limit the number of HTTP requests.