
      Use the following guidelines for restricting the size of incoming messages in services:

      • Limit the size of input messages that services accept to protect them against Denial of Service (DoS) attacks.
        - If services call other services as part of their operation, make sure the sizes of the messages they exchange are within a defined range.
        - Some servers allow setting these values in configuration files.
        

      Notes:

      • According to NIST 800-95, oversized XML documents can also cause XML parsers to collapse. Configure the server the service is running on to only accept messages up to a certain size.
      • This countermeasure might not be required if your architecture is designed in a way that you have low load on your server by using techniques such as DNS or TCP/IP load balancing. Check whether your application is still vulnerable to amplification attacks after using such techniques. If so, then apply the requirements in this countermeasure.
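
An added example, not part of the original requirement or of SD Elements content: one way a Python WSGI service could enforce the size limit in application code when the server offers no configuration setting for it. The 1 MiB limit and the names `read_limited`, `SizeLimitMiddleware` and `MessageTooLarge` are assumptions, and the code assumes the server signals end of input for bodies sent without a Content-Length.

```python
import io

MAX_MESSAGE_BYTES = 1024 * 1024  # assumed limit (1 MiB), not a value from the page


class MessageTooLarge(Exception):
    """Request body exceeds the configured limit."""


def read_limited(stream, max_bytes, declared_length=None, chunk_size=8192):
    """Return the body, reading no more than the limit allows."""
    if declared_length is not None:
        if declared_length < 0:
            raise ValueError("negative Content-Length")
        if declared_length > max_bytes:
            # Reject on the header alone, before reading any body bytes.
            raise MessageTooLarge(f"declared {declared_length} > {max_bytes}")
    # Budget: the declared length when known; otherwise one byte past the
    # limit, so an overflow is detected without buffering the whole message.
    budget = declared_length if declared_length is not None else max_bytes + 1
    chunks, total = [], 0
    while total < budget:
        chunk = stream.read(min(chunk_size, budget - total))
        if not chunk:
            break
        total += len(chunk)
        chunks.append(chunk)
    if total > max_bytes:
        raise MessageTooLarge(f"body exceeded {max_bytes} bytes")
    return b"".join(chunks)


class SizeLimitMiddleware:
    """WSGI wrapper (hypothetical name) that answers 413 for oversized bodies."""

    def __init__(self, app, max_bytes=MAX_MESSAGE_BYTES):
        self.app, self.max_bytes = app, max_bytes

    def __call__(self, environ, start_response):
        try:
            raw = environ.get("CONTENT_LENGTH") or None
            declared = int(raw) if raw is not None else None
            body = read_limited(environ["wsgi.input"], self.max_bytes, declared)
        except (MessageTooLarge, ValueError) as exc:
            oversized = isinstance(exc, MessageTooLarge)
            status = "413 Payload Too Large" if oversized else "400 Bad Request"
            start_response(status, [("Content-Length", "0")])
            return [b""]
        environ["wsgi.input"] = io.BytesIO(body)  # bounded, fully buffered
        return self.app(environ, start_response)
```

The declared length is checked first so an oversized request is refused without reading its body, and the running byte count still bounds requests whose length header is missing.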

      Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/storage-base-remediation/tasks/phase/requirements/390-T536/

              sdelements Jira-SD-Elements-Integration Bot