STIGQter STIGQter: STIG Summary: Apache Server 2.4 Windows Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

An Apache web server, behind a load balancer or proxy server, must produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event.

DISA Rule

SV-214312r505936_rule

Vulnerability Number

V-214312

Group Title

SRG-APP-000098-WSR-000060

Rule Version

AS24-W1-000130

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Access the proxy server through which inbound web traffic is passed and configure settings to pass web traffic to the Apache web server transparently.

Check Contents

Interview the System Administrator to review the configuration of the Apache web server architecture and determine if inbound web traffic is passed through a proxy.

If the Apache web server is receiving inbound web traffic through a proxy, the audit logs must be reviewed to determine if correct source information is being passed through by the proxy server.

View Apache log files as configured in "httpd.conf" files.

When the log file is displayed, review source IP information in log entries and verify the entries do not reflect the IP address of the proxy server.

If the log entries in the log file(s) reflect the IP address of the proxy server as the source, this is a finding.

Vulnerability Number

V-214312

Documentable

False

Rule Version

AS24-W1-000130

Severity Override Guidance

Interview the System Administrator to review the configuration of the Apache web server architecture and determine if inbound web traffic is passed through a proxy.

If the Apache web server is receiving inbound web traffic through a proxy, the audit logs must be reviewed to determine if correct source information is being passed through by the proxy server.

View Apache log files as configured in "httpd.conf" files.

When the log file is displayed, review source IP information in log entries and verify the entries do not reflect the IP address of the proxy server.

If the log entries in the log file(s) reflect the IP address of the proxy server as the source, this is a finding.

Check Content Reference

M

Target Key

3998

Comments