STIGQter: STIG Summary: VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

HAProxy must enable cookie-based persistence in a backend.

DISA Rule

SV-100949r1_rule

Vulnerability Number

V-90299

Group Title

SRG-APP-000001-WSR-000002

Rule Version

VRAU-HA-000010

Severity

CAT II

CCI(s)

• CCI-000054 - The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.

Weight

10

Fix Recommendation

Navigate to and open the following files:

/etc/haproxy/conf.d/20-vcac.cfg
/etc/haproxy/conf.d/30-vro-config.cfg

Configure each backend with the following value:

'cookie JSESSIONID prefix'

Check Contents

Navigate to and open the following files:

/etc/haproxy/conf.d/20-vcac.cfg
/etc/haproxy/conf.d/30-vro-config.cfg

Verify that each backend is configured with the following:

cookie JSESSIONID prefix

If "cookie" is not set for each backend, this is a finding.

Vulnerability Number

V-90299

Documentable

False

Rule Version

VRAU-HA-000010

Severity Override Guidance

Navigate to and open the following files:

/etc/haproxy/conf.d/20-vcac.cfg
/etc/haproxy/conf.d/30-vro-config.cfg

Verify that each backend is configured with the following:

cookie JSESSIONID prefix

If "cookie" is not set for each backend, this is a finding.

Check Content Reference

M

Target Key

3455

Comments