STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019

The web server must not be configured as a proxy server.

DISA Rule

SV-33220r3_rule

Vulnerability Number

V-26299

Group Title

WA00520

Rule Version

WA00520 A22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the httpd.conf file and remove the following modules:

proxy_module
proxy_ajp_module
proxy_balancer_module
proxy_ftp_module
proxy_http_module
proxy_connect_module

Check Contents

Note: If the Apache web server is only performing in a proxy server role and does not host any websites nor support any applications, this check is Not Applicable.

Enter the following command:
/usr/local/Apache2.2/bin/httpd -M
This will provide a list of all loaded modules. If any of the following modules are found, this is a finding:
proxy_module
proxy_ajp_module
proxy_balancer_module
proxy_ftp_module
proxy_http_module
proxy_connect_module
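
The check above can be scripted. The following is an added example, not part of the STIG or of STIGQter: it reads `httpd -M` output and reports any of the six listed modules. The function names and the sample module listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluate `httpd -M` output against the six modules in this check.
# Host usage (2>&1 in case the module list is written to stderr):
#   /usr/local/Apache2.2/bin/httpd -M 2>&1 | find_proxy_modules

PROXY_MODULES="proxy_module proxy_ajp_module proxy_balancer_module proxy_ftp_module proxy_http_module proxy_connect_module"

# Reads `httpd -M` output on stdin and prints each listed module that is loaded,
# one per line with its static/shared tag. Exit status 1 = finding, 0 = none.
find_proxy_modules() {
    awk -v list="$PROXY_MODULES" '
        BEGIN { n = split(list, names, " "); for (i = 1; i <= n; i++) banned[names[i]] = 1 }
        # Module lines look like " proxy_module (shared)". Compare the whole
        # first field so http_module is not mistaken for proxy_http_module.
        ($1 in banned) { print $1, $2; found = 1 }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample output with two proxy modules loaded (not from a real server).
sample_finding() {
    cat <<'EOF'
Loaded Modules:
 core_module (static)
 http_module (static)
 so_module (static)
 proxy_module (shared)
 proxy_http_module (shared)
Syntax OK
EOF
}

# Constructed sample output with no proxy modules loaded.
sample_clean() {
    cat <<'EOF'
Loaded Modules:
 core_module (static)
 http_module (static)
 so_module (static)
Syntax OK
EOF
}

# Demo on the constructed sample; `||` keeps the non-zero status from aborting.
sample_finding | find_proxy_modules || echo "FINDING: proxy module(s) loaded"
```

A non-zero exit status corresponds to a finding for this rule unless the Not Applicable note applies to the server.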

Documentable

False

Severity Override Guidance

Note: If the Apache web server is only performing in a proxy server role and does not host any websites nor support any applications, this check is Not Applicable.

Enter the following command:
/usr/local/Apache2.2/bin/httpd -M
This will provide a list of all loaded modules. If any of the following modules are found, this is a finding:
proxy_module
proxy_ajp_module
proxy_balancer_module
proxy_ftp_module
proxy_http_module
proxy_connect_module

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158
