AS24-U1-000300 – The Apache web server must have resource mappings set to disable the serving of certain file types.
Details: Resource mapping is the process of tying a particular file type to a process in the web server that...

AS24-U1-000310 – The Apache web server must allow the mappings to unused and vulnerable scripts to be removed.
Details: Scripts allow server-side processing on behalf of the hosted application user or as processes needed in the implementation of...

AS24-U1-000330 – The Apache web server must have Web Distributed Authoring (WebDAV) disabled.
Details: A web server can be installed with functionality that, by its nature, is not secure. WebDAV is an extension...

AS24-U1-000360 – The Apache web server must be configured to use a specified IP address and port – IP or Port Only
Details: The web server must be configured to listen on a specified IP address and port. Without specifying an IP...

AS24-U1-000360 – The Apache web server must be configured to use a specified IP address and port – Zero IPs Only
Details: The web server must be configured to listen on a specified IP address and port. Without specifying an IP...

AS24-U1-000430 – Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.
Details: As a rule, accounts on a web server are to be kept to a minimum. Only administrators, web managers,...

AS24-U1-000440 – Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.
Details: By separating Apache web server security functions from non-privileged users, roles can be developed that can then be used...

AS24-U1-000470 – Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application – SessionCookieName HttpOnly Secure
Details: Cookies are used to exchange data between the web server and the client. Cookies, such as a session cookie,...

AS24-U1-000510 – The Apache web server must generate a session ID long enough that it cannot be guessed through brute force – session_crypto
Details: Generating a session identifier (ID) that is not easily guessed through brute force is essential to deter several types...

AS24-U1-000510 – The Apache web server must generate a session ID long enough that it cannot be guessed through brute force – SessionCryptoCipher
Details: Generating a session identifier (ID) that is not easily guessed through brute force is essential to deter several types...