Home
Security Hardening
DISA STIG Apache Server 2.4 Unix Site V2R2

DISA STIG Apache Server 2.4 Unix Site V2R2

AS24-U2-000580 – The Apache web server document directory must be in a separate partition from the Apache web servers system files.
Details A web server is used to deliver content on the request of a client. The content delivered to a...
AS24-U2-000590 – The Apache web server must be tuned to handle the operational requirements of the hosted application.
Details A denial of service (DoS) can occur when the Apache web server is so overwhelmed that it can no...
AS24-U2-000620 – The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.
Details The goal is to completely control the web user’s experience in navigating any portion of the web document root...
AS24-U2-000630 – Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.
Details Information needed by an attacker to begin looking for possible vulnerabilities in an Apache web server includes any information...
AS24-U2-000640 – Debugging and trace information used to diagnose the Apache web server must be disabled.
Details Information needed by an attacker to begin looking for possible vulnerabilities in a web server includes any information about...
AS24-U2-000650 – The Apache web server must set an absolute timeout for sessions.
Details Leaving sessions open indefinitely is a major security risk. An attacker can easily use an already authenticated session to...
AS24-U2-000660 – The Apache web server must set an inactive timeout for sessions – reqtimeout_module
Details Leaving sessions open indefinitely is a major security risk. An attacker can easily use an already authenticated session to...
AS24-U2-000660 – The Apache web server must set an inactive timeout for sessions – RequestReadTimeout
Details Leaving sessions open indefinitely is a major security risk. An attacker can easily use an already authenticated session to...
AS24-U2-000680 – The Apache web server must restrict inbound connections from nonsecure zones.
Details Remote access to the Apache web server is any access that communicates through an external, non-organization-controlled network. Remote access...
AS24-U2-000700 – Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.
Details By separating Apache web server security functions from non-privileged users, roles can be developed that can then be used...

Prev Next

DISA STIG Apache Server 2.4 Unix Site V2R2

AS24-U2-000580 – The Apache web server document directory must be in a separate partition from the Apache web servers system files.

AS24-U2-000590 – The Apache web server must be tuned to handle the operational requirements of the hosted application.

AS24-U2-000620 – The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.

AS24-U2-000630 – Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.

AS24-U2-000640 – Debugging and trace information used to diagnose the Apache web server must be disabled.

AS24-U2-000650 – The Apache web server must set an absolute timeout for sessions.

AS24-U2-000660 – The Apache web server must set an inactive timeout for sessions – reqtimeout_module

AS24-U2-000660 – The Apache web server must set an inactive timeout for sessions – RequestReadTimeout

AS24-U2-000680 – The Apache web server must restrict inbound connections from nonsecure zones.

AS24-U2-000700 – Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.