STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide

V-240215

CAT II (Medium)

Lighttpd must limit the number of simultaneous requests.

Rule ID

SV-240215r879511_rule

STIG

VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000054

Discussion

Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a web site, facilitating a denial of service attack. Mitigating this kind of attack will include limiting the number of concurrent HTTP/HTTPS requests. Lighttpd is used for administrative purposes only. Lighttpd provides the maxConnections attribute of the <Connector Elements> to limit the number of concurrent TCP connections.

Check Content

At the command prompt, execute the following command:

grep 'server.max-connections = 1024' /opt/vmware/etc/lighttpd/lighttpd.conf

If the "server.max-connections" is not set to "1024", commented out, or does not exist, this is a finding.

Fix Text

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf   

Configure the "lighttpd.conf" file with the following value:

server.max-connections = 1024