Update/Questionable control 7

[hordijk]

Control 7 (Control simultaneous connections) expects a limit_conn with a value of 5.

nginx-baseline/controls/nginx_spec.rb

Lines 184 to 194 in b54b03c

	control 'nginx-07' do
	impact 1.0
	title 'Control simultaneous connections'
	desc 'NginxHttpLimitZone module to limit the number of simultaneous connections for the assigned session or as a special case, from one IP address.'
	describe parse_config(nginx_parsed_config, options) do
	its('limit_conn_zone') { should eq '$binary_remote_addr zone=default:10m' }
	end
	describe parse_config(nginx_parsed_config, options) do
	its('limit_conn') { should eq 'default 5' }
	end
	end

Modern web browsers supports 6 (or more) connections per hostname, see the table on https://developer.pushtechnology.com/cloud/latest/manual/html/designguide/solution/support/connection_limitations.html#connection_limitations__conn_ie and the overview on http://www.browserscope.org/?category=network&v=top.

I'm wondering on what basis 5 was chosen?

With modern browsers the the limit of 5 is exceeded with ease. The server will return an error in reply to a request (which might result in a broken site).

With the limit_conn_zone $binary_remote_addr zone=default:10m; the errors might occur more frequently given the use of proxy-servers.

Can you elaborate whether the value of 5 is still the correct value taken into account modern browsers and the use of proxy-servers.