The rhttpproxy must set a limit on established connections.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-240717 | VCRP-67-000002 | SV-240717r679664_rule | Medium |
| Description |
|---|
| The rhttpproxy client connections must be limited to preserve system resources and continue servicing connections without interruption. Without a limit set, the system would be vulnerable to a trivial denial-of-service attack where connections are created en masse and vCenter resources are entirely consumed. The rhttproxy comes configured with a tested and supported value that must be maintained. |
| STIG | Date |
|---|---|
| VMware vSphere 6.7 RhttpProxy Security Technical Implementation Guide | 2022-01-03 |
Details
| Check Text ( C-43950r679662_chk ) |
|---|
| At the command prompt, execute the following command: # xmllint --xpath '/config/vmacore/http/maxConnections' /etc/vmware-rhttpproxy/config.xml Expected result: If the output does not match the expected result, this is a finding. |
| Fix Text (F-43909r679663_fix) |
|---|
| Navigate to and open /etc/vmware-rhttpproxy/config.xml. Locate the Restart the service for changes to take effect. # vmon-cli --restart rhttpproxy |