Ensure OverRide Is Disabled for the OS Root Directory – exclude AllowOverrideList Details The Apache AllowOverride directive and the new AllowOverrideList directive allow for .htaccess files to be used to override much...
Ensure the Apache User Account Has an Invalid Shell Details The apache account must not be used as a regular login account, and should be assigned an invalid or...
Ensure the Apache User Account Is Locked Details The user account under which Apache runs should not have a valid password, but should be locked. Rationale: As...
Ensure the Apache Web Server Runs As a Non-Root User – Group Details Although Apache is typically started with root privileges in order to listen on port 80 and 443, it can...
Ensure the Apache Web Server Runs As a Non-Root User – id Details Although Apache is typically started with root privileges in order to listen on port 80 and 443, it can...
Ensure the Apache Web Server Runs As a Non-Root User – User Details Although Apache is typically started with root privileges in order to listen on port 80 and 443, it can...
Ensure the Autoindex Module Is Disabled Details The Apache autoindex module automatically generates a web page listing the contents of directories on the server, typically used so...
Ensure the Basic and Digest Authentication Modules are Disabled Details The Apache mod_auth_basic and mod_auth_digest modules support HTTP Basic Authentication and HTTP Digest Authentication respectively. The two authentication protocols...
Ensure the Default CGI Content printenv Script Is Removed Details Most Web Servers, including Apache installations, have default CGI content which is not needed or appropriate for production use....
Ensure the Default CGI Content test-cgi Script Is Removed Details Most Web Servers, including Apache installations, have default CGI content which is not needed or appropriate for production use....