
V-264365

CAT II (Medium)

The web server must terminate the connection if server-level exceptions are triggered when handling requests to prevent HTTP request smuggling attacks.

Rule ID

SV-264365r984440_rule

STIG

Web Server Security Requirements Guide

Version

V4R4

CCIs

CCI-001310

Discussion

The web server defines a set of exceptions for every HTTP status code. Each exception class has a status code according to RFC 2068: codes in the 100-300 range are not really errors, 400s are client errors, and 500s are server errors. If not directly specified, headers will be added to the default response headers. In the event of an anomaly or exception during the processing of requests, it is safer to terminate the connection to prevent malformed requests from exploiting potential protocol vulnerabilities.

Check Content

Verify the web server terminates the connection if server-level exceptions are triggered when handling requests.

If the web server does not terminate the connection if server-level exceptions are triggered when handling requests, this is a finding.
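One way to run this check, shown as an added example that is not part of the STIG: send a request, read the response, and record whether the server then closes the TCP connection. Assumptions: Python's built-in `http.server` on loopback stands in for the server under test, the names `probe`, `is_finding` and `start_local_server` are hypothetical, and a 4xx/5xx response to a malformed request line is treated as the exception condition.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed inputs: a request line with an extra token, and a well-formed GET.
MALFORMED = b"GET / extra HTTP/1.1\r\nHost: localhost\r\n\r\n"
WELL_FORMED = b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n"

def probe(host, port, raw_request, timeout=1.0):
    """Send raw bytes; return (status_code, server_closed_connection)."""
    data, closed = b"", False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(raw_request)
        try:
            while chunk := sock.recv(4096):
                data += chunk
            closed = True                  # EOF: the server ended the connection
        except socket.timeout:
            pass                           # no EOF: connection was kept open
        except ConnectionResetError:
            closed = True                  # a reset also ends the connection
    status = int(data.split(b" ", 2)[1]) if data.startswith(b"HTTP/") else None
    return status, closed

def is_finding(status, closed):
    """Finding when an error response (assumed: 4xx/5xx) leaves the connection open."""
    return status is not None and status >= 400 and not closed

class _DemoHandler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"          # keep-alive for normal requests
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Length", "2")
        self.end_headers()
        self.wfile.write(b"ok")
    def log_message(self, *args):          # keep the demo quiet
        pass

def start_local_server():
    """Hypothetical stand-in for the server under test, bound to loopback."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = start_local_server()
    for req in (MALFORMED, WELL_FORMED):
        print(req.split(b"\r\n")[0], probe("127.0.0.1", srv.server_address[1], req))
```

The well-formed request is the control: it shows the server normally keeps the connection alive, so a close after the malformed request is attributable to the error path.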

Fix Text

Configure the web server to terminate the connection if server-level exceptions are triggered when handling requests to prevent HTTP request smuggling attacks.