The Apache web server must be tuned to handle the operational requirements of the hosted application.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-214392 | AS24-W2-000830 | SV-214392r1067798_rule | CCI-001094 | medium |
| Description | ||||
| A denial of service (DoS) can occur when the web server is so overwhelmed that it can no longer respond to additional requests. A web server not properly tuned may become overwhelmed and cause a DoS condition even with expected traffic from users. To avoid a DoS, the web server must be tuned to handle the expected traffic for the hosted applications. Satisfies: SRG-APP-000435-WSR-000148, SRG-APP-000246-WSR-000149 | ||||
| STIG | Date | |||
| Apache Server 2.4 Windows Site Security Technical Implementation Guide | 2025-02-12 | |||
Details
Check Text (C-214392r1067798_chk)
Review the <'INSTALLED PATH'>\conf\httpd.conf file.
Verify the "Timeout" directive is specified to have a value of "60" seconds or less.
If the "Timeout" directive is not configured or is set for more than "60" seconds, this is a finding.
Fix Text (F-15601r1067797_fix)
Add or modify the "Timeout" directive in the Apache configuration to have a value of "60" seconds or less.
"Timeout 60"