Ensure ETag Response Header Fields Do Not Include Inodes

Details

The FileETag directive configures the file attributes that are used to create the ETag (entity tag) response header field when the document is based on a static file. The ETag value is used in cache management to save network bandwidth. The value returned may be based on combinations of the file inode, the modification time, and the file size.

Rationale:

When the FileETag is configured to include the file inode number, a remote attacker may be able to discern the inode number from returned values. The inode is considered sensitive information, as it could be useful in assisting in other attacks.

Solution

Perform the following to implement the recommended state:

Add or modify the ‘FileETag’ directive in the server and each virtual host configuration to have the value ‘None’ or ‘MTime Size’.
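One way to audit a configuration file against the recommended state, as an added example that is not part of the benchmark text. The function name `audit_fileetag` and the sample configuration are assumptions made for illustration. The check reads a single file and does not follow `Include` directives. It fails relative forms such as `+MTime`, because their effective value depends on what is inherited. It returns status 2 when no `FileETag` directive is present, since Apache 2.2's built-in default is `INode MTime Size`.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit FileETag directives.
# Exit status: 0 = every directive is "None" or "MTime Size",
#              1 = at least one directive has another value,
#              2 = no FileETag directive found (version default applies).
audit_fileetag() {
    awk '
        /^[[:space:]]*#/ { next }              # skip comment lines
        tolower($1) == "fileetag" {            # directive names are case-insensitive
            seen = 1; mtime = 0; size = 0; none = 0; other = 0
            for (i = 2; i <= NF; i++) {
                k = tolower($i)
                if      (k == "none")  none = 1
                else if (k == "mtime") mtime = 1
                else if (k == "size")  size = 1
                else other = 1                 # INode, All, +/- relative forms
            }
            ok = (!other && ((none && !mtime && !size) || (!none && mtime && size)))
            printf "%s:%d: %s\n", (ok ? "PASS" : "FAIL"), FNR, $0
            if (!ok) fail = 1
        }
        END { if (fail) exit 1; if (!seen) exit 2 }
    ' "$1"
}

# Constructed sample configuration for demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# FileETag All
FileETag MTime Size
<VirtualHost *:80>
    FileETag INode MTime Size
</VirtualHost>
<VirtualHost *:8080>
    fileetag +MTime
</VirtualHost>
EOF
audit_fileetag "$sample" || echo "audit exit status: $?"
rm -f "$sample"
```

Run it against the main server configuration and each included virtual host file, and treat any status other than 0 as a finding to review.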

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.

Updated on July 16, 2022