Configuring the Apache web server to prevent denial of service attack in Symantec Endpoint Protection 12.1.2 (12.1 RU2) and later
|Article:TECH205208|||||Created: 2013-04-17|||||Updated: 2013-06-21|||||Article URL http://www.symantec.com/docs/TECH205208|
Vulnerability testing shows that Symantec Endpoint Protection Manager (SEPM) is vulnerable to a specific denial of service exploit, CVE-2007-6750, related to the lack of the
- Symantec Endpoint Protection 12.1.2 (12.1 Release Update 2) and SEP 12.1 RU2 MP1
- Later releases of the SEPM are not vulnerable
This issue is fixed in Symantec Endpoint Protection 12.1 Release Update 3 (SEP 12.1.3). Please upgrade to take advantage of this and many other enhancements and improvements.
If it is not immediately possible to upgrade, work around this issue by implementing the module that is missing in Apache. This workaround applies only to Symantec Endpoint Protection 12.1.2 (12.1 RU2) or later. If you use an earlier build, you should upgrade to version 12.1.2 or later, and then implement the following workaround.
Warning: if you implement the workaround when using version 12.1.2 and then upgrade from version 12.1.2 to version 126.96.36.199 (12.1 RU2 MP1), you need to apply this workaround again.
To add the module to the Apache web server:
- Download and save to disk the
mod_reqtimeout.somodule attached to this document.
- Copy the file into the
Note: On most systems, the default SEPM installation directory is
C:\Program Files\Symantec\Symantec Endpoint Protection Manager.
%SEPM_Install_Dir%\apache\conf\httpd.confwith a plain text editor such as Notepad, and then add the following lines to the bottom:
LoadModule reqtimeout_module modules/mod_reqtimeout.so
RequestReadTimeout header=10-60,MinRate=1024 body=30-120,MinRate=1024
Note: The default configuration settings for
mod_reqtimeoutare basic settings. You may want to further adjust them for your needs. For more info, see the following page:
- Restart the Symantec Endpoint Protection Manager Webserver service.
Article URL http://www.symantec.com/docs/TECH205208