AS24-U2-000020 – The Apache web server must perform server-side session management – session_module
Details Session management is the practice of protecting the bulk of the user authorization and identity information. This data can...
- Home
- Security Hardening
- DISA STIG Apache Server 2.4 Unix Site V2R2
DISA STIG Apache Server 2.4 Unix Site V2R2
AS24-U2-000020 – The Apache web server must perform server-side session management – usertrack_module
Details Session management is the practice of protecting the bulk of the user authorization and identity information. This data can...AS24-U2-000030 – The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided – ssl_module
Details The Apache web server has several remote communications channels. Examples are user requests via http/https, communication to a backend...AS24-U2-000030 – The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided – SSLProtocol
Details The Apache web server has several remote communications channels. Examples are user requests via http/https, communication to a backend...AS24-U2-000090 – The Apache web server must produce log records containing sufficient information to establish what type of events occurred.
Details Apache web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay...AS24-U2-000090 – The Apache web server must produce log records containing sufficient information to establish what type of events occurred – log_config_module
Details Apache web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay...AS24-U2-000240 – The Apache web server must not perform user management for hosted applications.
Details User management and authentication can be an essential part of any application hosted by the web server. Along with...AS24-U2-000300 – The Apache web server must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled.
Details Controlling what a user of a hosted application can access is part of the security posture of the web...AS24-U2-000310 – The Apache web server must allow mappings to unused and vulnerable scripts to be removed.
Details Scripts allow server-side processing on behalf of the hosted application user or as processes needed in the implementation of...AS24-U2-000320 – The Apache web server must have resource mappings set to disable the serving of certain file types.
Details Resource mapping is the process of tying a particular file type to a process in the web server that...