Check: WG205 W22
APACHE 2.2 Site for Windows STIG:
WG205 W22
(in versions v1 r13 through v1 r10)
Title
The web document (home) directory must be in a separate partition from the web server’s system files. (Cat II impact)
Discussion
Application partitioning enables an additional security measure by securing user traffic under one security context, while managing system and application files under another. Web content is accessible to an anonymous web user. For such an account to have access to system files of any type is a major security risk that is avoidable and desirable. Failure to partition the system files from the web site documents increases risk of attack via directory traversal, or impede web site availability due to drive space exhaustion.
Check Content
Verify that installation directories for Apache HTTP server are located on another partition, other than the OS partition. Locate the Apache httpd.conf file. If unable to locate the file, perform a search of the system to find the location of the file. Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directives: DocumentRoot, ErrorLog, CustomLog Note the location specified for each of the directives. If the path for any of the directives is on the same partition as the web server operating system files, this is a finding.
Fix Text
Move the web server system files including the web document root (home) and log directories to a separate partition, other than the OS partition.
Additional Identifiers
Rule ID: SV-33108r1_rule
Vulnerability ID: V-3333
Group Title: WG205
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |