The Apache web server must be tuned to handle the operational requirements of the hosted application.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-214354 | SRG-APP-000435-WSR-000148 | AS24-W1-000830 | SV-214354r1067792_rule | 2025-02-12 | 3 |
| Description |
|---|
| A denial of service (DoS) can occur when the Apache web server is so overwhelmed that it can no longer respond to additional requests. A web server not properly tuned may become overwhelmed and cause a DoS condition even with expected traffic from users. To avoid a DoS, the Apache web server must be tuned to handle the expected traffic for the hosted applications. |
| ℹ️ Check |
|---|
| Verify the "Timeout" directive is specified in the Apache configuration files to have a value of "60" seconds or less. If the "Timeout" directive is not configured or set for more than "60" seconds, this is a finding. |
| ✔️ Fix |
|---|
| Add or modify the "Timeout" directive in the Apache configuration to have a value of "60" seconds or less. "Timeout 60" Restart the Apache service. |