Check: AS24-W1-000260
Apache Server 2.4 Windows Server STIG:
AS24-W1-000260
(in versions v2 r3 through v1 r0.1)
Title
The Apache web server must not be a proxy server. (Cat II impact)
Discussion
A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multi-use servers are not recommended. Scanning for web servers that will also proxy requests into an otherwise protected network is a very common attack, making the attack anonymous.
Check Content
In a command line, CD to "<'INSTALLED PATH'>\bin". Run "httpd -M" to view a list of installed modules. If any of the following modules are present, this is a finding: proxy_module proxy_ajp_module proxy_balancer_module proxy_ftp_module proxy_http_module proxy_connect_module
Fix Text
Edit the <'INSTALL PATH'>\conf\httpd.conf file and remove the following modules: proxy_module proxy_ajp_module proxy_balancer_module proxy_ftp_module proxy_http_module proxy_connect_module
Additional Identifiers
Rule ID: SV-214320r879587_rule
Vulnerability ID: V-214320
Group Title: SRG-APP-000141-WSR-000076
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |