WG265 W22 – The required DoD banner page must be displayed to authenticated users accessing a DoD private website.
Details A consent banner will be in place to make prospective entrants aware that the website they are about to...
- Home
- Security Hardening
- DISA STIG Apache Site 2.2 Windows V1R13
DISA STIG Apache Site 2.2 Windows V1R13
WG290 W22 – The web client account access to the content and scripts directories must be limited to read and execute. – ‘Alias’
Details Excessive permissions for the anonymous web user account are one of the most common faults contributing to the compromise...WG290 W22 – The web client account access to the content and scripts directories must be limited to read and execute. – ‘DocumentRoot’
Details Excessive permissions for the anonymous web user account are one of the most common faults contributing to the compromise...WG290 W22 – The web client account access to the content and scripts directories must be limited to read and execute. – ‘ScriptAlias’
Details Excessive permissions for the anonymous web user account are one of the most common faults contributing to the compromise...WG290 W22 – The web client account access to the content and scripts directories must be limited to read and execute. – ‘ScriptAliasMatch’
Details Excessive permissions for the anonymous web user account are one of the most common faults contributing to the compromise...WG310 W22 – A web site must not contain a robots.txt file. – ‘Alias’
Details Search engines are constantly at work on the Internet. Search engines are augmented by agents, often referred to as...WG310 W22 – A web site must not contain a robots.txt file. – ‘DocumentRoot’
Details Search engines are constantly at work on the Internet. Search engines are augmented by agents, often referred to as...WG340 W22 – A private web server must utilize an approved TLS version. – ‘SSLEngine’
Details Transport Layer Security (TLS) encryption is a required security setting for a private web server. Encryption of private information...WG340 W22 – A private web server must utilize an approved TLS version. – ‘SSLProtocol’
Details Transport Layer Security (TLS) encryption is a required security setting for a private web server. Encryption of private information...WG342 W22 – Public web servers must use TLS if authentication is required.
Details Transport Layer Security (TLS) is optional for a public web server. However, if authentication is being performed, then the...