STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019: STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:SV-33011r3_rule
V-13739
WA000-WWA066
WA000-WWA066 W22
CAT II
10
Set LimitRequestLine to 8190 or approved value. If no LimitRequestLine directives exist, explicitly add the directive and set to 8190.
Locate the Apache httpd.conf file.
Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: LimitRequestLine
Every enabled LimitRequestLine value needs to be 8190. If any directive is set improperly, this is a Finding.
If no LimitRequestLine directives exist, this is a Finding. Although the default value is 8190, this directive must be explicitly set.
NOTE: This value may vary in size based on the application that is being supported by the web server. This vulnerability can be documented locally by the ISSM/ISSO if the site has operational reasons for an increased or decreased value. If the ISSM/ISSO has approved this change in writing, this should be marked as Not a Finding.
V-13739
False
WA000-WWA066 W22
Locate the Apache httpd.conf file.
Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: LimitRequestLine
Every enabled LimitRequestLine value needs to be 8190. If any directive is set improperly, this is a Finding.
If no LimitRequestLine directives exist, this is a Finding. Although the default value is 8190, this directive must be explicitly set.
NOTE: This value may vary in size based on the application that is being supported by the web server. This vulnerability can be documented locally by the ISSM/ISSO if the site has operational reasons for an increased or decreased value. If the ISSM/ISSO has approved this change in writing, this should be marked as Not a Finding.
M
Web Administrator
158