STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Apache Server 2.4 Windows Server Security Technical Implementation Guide

V-214338

CAT II (Medium)

The Apache web server must restrict the ability of users to launch denial-of-service (DoS) attacks against other information systems or networks.

Rule ID

SV-214338r1192947_rule

STIG

Apache Server 2.4 Windows Server Security Technical Implementation Guide

Version

V3R4

CCIs

CCI-001094, CCI-002385

Discussion

Apache web server can limit the ability of the web server being used in a DoS attack through several methods. The methods employed will depend upon the hosted applications and their resource needs for proper operation. A DoS can occur when the Apache web server is so overwhelmed that it can no longer respond to additional requests. A web server not properly tuned may become overwhelmed and cause a DoS condition even with expected traffic from users. To avoid a DoS, the Apache web server must be tuned to handle the expected traffic for the hosted applications. Satisfies: SRG-APP-000246-WSR-000149, SRG-APP-000435-WSR-000148

Check Content

Review the <'INSTALLED PATH'>\conf\httpd.conf file.

Verify the "Timeout" directive is specified in the "httpd.conf" file to have a value of "60" seconds or less.

If the "Timeout" directive is not configured or set for more than "60" seconds, this is a finding.

Fix Text

Review the <'INSTALLED PATH'>\conf\httpd.conf file.

Add or modify the "Timeout" directive in the Apache configuration to have a value of "60" seconds or less.

"Timeout 60"

Restart the Apache service.