OH12-1X-000001 - OHS must have the mpm property set to use the worker Multi-Processing Module (MPM) as the preferred means to limit the number of allowed simultaneous requests.

Gavin M. Dennis

22 April 2022 17:02

Details

Web server management includes the ability to control the number of users and user sessions that utilize a web server. Limiting the number of allowed users and sessions per user is helpful in limiting risks related to several types of Denial of Service attacks.

Although there is some latitude concerning the settings themselves, the settings should follow DoD-recommended values, but the settings should be configurable to allow for future DoD direction. While the DoD will specify recommended values, the values can be adjusted to accommodate the operational requirement of a given system.

Solution

1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//ohs.plugins.nodemanager.properties with an editor.

2. Set the 'mpm' property to a value of 'worker', add the property if it does not exist.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_HTTP_Server_12-1-3_V1R7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

800-53|AC-10
CAT|II
CCI|CCI-000054
Rule-ID|SV-77643r1_rule
STIG-ID|OH12-1X-000001
Vuln-ID|V-63153

Source

Tenable.com/audits

PS. Before you go.

Request a quote to protect your organisation from cyber attacks and breaches.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section