STIGQter STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

OHS must have the RewriteEngine directive enabled.

DISA Rule

SV-79135r1_rule

Vulnerability Number

V-64645

Group Title

SRG-APP-000516-WSR-000174

Rule Version

OH12-1X-000203

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive.

2. Search for the "RewriteEngine" directive at the OHS server and virtual host configuration scopes.

3. Set the "RewriteEngine" directive to "On", add the directive if it does not exist unless inherited from a larger scope.

Check Contents

1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive.

2. Search for the "RewriteEngine" directive at the OHS server and virtual host configuration scopes.

3. If the directive is omitted or is not set to "On", this is a finding unless inherited from a larger scope.

Vulnerability Number

V-64645

Documentable

False

Rule Version

OH12-1X-000203

Severity Override Guidance

1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive.

2. Search for the "RewriteEngine" directive at the OHS server and virtual host configuration scopes.

3. If the directive is omitted or is not set to "On", this is a finding unless inherited from a larger scope.

Check Content Reference

M

Target Key

2753

Comments