STIGQter: STIG Summary: Apache Server 2.4 Windows Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Apache web server must perform server-side session management.

DISA Rule

SV-214307r505936_rule

Vulnerability Number

V-214307

Group Title

SRG-APP-000001-WSR-000002

Rule Version

AS24-W1-000020

Severity

CAT II

CCI(s)

• CCI-000054 - The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.

Weight

10

Fix Recommendation

Uncomment the "usertrack_module" module line and the "session_module" module in the <'INSTALL PATH'>\conf\httpd.conf file.

Restart the Apache service.

Additional documentation can be found at:

https://httpd.apache.org/docs/2.4/mod/mod_usertrack.html

https://httpd.apache.org/docs/2.4/mod/mod_session.html

Check Contents

In a command line, navigate to "<'INSTALLED PATH'>\bin". Run "httpd -M" to view a list of installed modules.

If "mod_session" module and "mod_usertrack" are not enabled, this is a finding.

session_module (shared)
usertrack_module (shared)

Vulnerability Number

V-214307

Documentable

False

Rule Version

AS24-W1-000020

Severity Override Guidance

In a command line, navigate to "<'INSTALLED PATH'>\bin". Run "httpd -M" to view a list of installed modules.

If "mod_session" module and "mod_usertrack" are not enabled, this is a finding.

session_module (shared)
usertrack_module (shared)

Check Content Reference

M

Target Key

3998

Comments