Home
Security Hardening
DISA STIG Apache Site 2.2 Unix V1R11 Middleware

DISA STIG Apache Site 2.2 Unix V1R11 Middleware

WA00605 A22 – Error logging must be enabled.
Details The server error logs are invaluable because they can also be used to identify potential problems and enable proactive...
WA00612 A22 – The sites error logs must log the correct format.
Details The server error logs are invaluable because they can also be used to identify potential problems and enable proactive...
WA00615 A22 – System logging must be enabled.
Details The server error logs are invaluable because they can also be used to identify potential problems and enable proactive...
WA00620 A22 – The LogLevel directive must be enabled.
Details The server error logs are invaluable because they can also be used to identify potential problems and enable proactive...
WG110 A22 – The number of allowed simultaneous requests must be set.
Details Resource exhaustion can occur when an unlimited number of concurrent requests are allowed on a web site, facilitating a...
WG140 A22 – Private web servers must require certificates issued from a DoD-authorized Certificate Authority.
Details Web sites requiring authentication within the DoD must utilize PKI as an authentication mechanism for web users. Information systems...
WG170 A22 – Each readable web document directory must contain either a default, home, index, or equivalent file.
Details The goal is to completely control the web users experience in navigating any portion of the web document root...
WG205 A22 – The web document (home) directory must be in a separate partition from the web server’s system files.
Details Application partitioning enables an additional security measure by securing user traffic under one security context, while managing system and...
WG210 A22 – Web content directories must not be anonymously shared.
Details Sharing web content is a security risk when a web server is involved. Users accessing the share anonymously could...
WG230 A22 – Web server administration must be performed over a secure path or at the local console.
Details Logging into a web server remotely using an unencrypted protocol or service when performing updates and maintenance is a...

DISA STIG Apache Site 2.2 Unix V1R11 Middleware

WA00605 A22 – Error logging must be enabled.

WA00612 A22 – The sites error logs must log the correct format.

WA00615 A22 – System logging must be enabled.

WA00620 A22 – The LogLevel directive must be enabled.

WG110 A22 – The number of allowed simultaneous requests must be set.

WG140 A22 – Private web servers must require certificates issued from a DoD-authorized Certificate Authority.

WG170 A22 – Each readable web document directory must contain either a default, home, index, or equivalent file.

WG205 A22 – The web document (home) directory must be in a separate partition from the web server’s system files.

WG210 A22 – Web content directories must not be anonymously shared.

WG230 A22 – Web server administration must be performed over a secure path or at the local console.