STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide

V-240215

CAT II (Medium)

Lighttpd must limit the number of simultaneous requests.

Rule ID

SV-240215r879511_rule

STIG

VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000054

Discussion

Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a web site, facilitating a denial of service attack. Mitigating this kind of attack will include limiting the number of concurrent HTTP/HTTPS requests. Lighttpd is used for administrative purposes only. Lighttpd provides the maxConnections attribute of the <Connector Elements> to limit the number of concurrent TCP connections.

Check Content

At the command prompt, execute the following command:

grep 'server.max-connections = 1024' /opt/vmware/etc/lighttpd/lighttpd.conf

If the "server.max-connections" is not set to "1024", commented out, or does not exist, this is a finding.

Fix Text

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf   

Configure the "lighttpd.conf" file with the following value:

server.max-connections = 1024