Apache Server 2.4 UNIX Site Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Apache web server document directory must be in a separate partition from the Apache web servers system files.
A web server is used to deliver content on the request of a client. The content delivered to a client must be controlled, allowing only hosted application files to be accessed and delivered. To all...Rule Medium Severity -
SRG-APP-000246-WSR-000149
Group -
The Apache web server must be tuned to handle the operational requirements of the hosted application.
A denial of service (DoS) can occur when the Apache web server is so overwhelmed that it can no longer respond to additional requests. A web server not properly tuned may become overwhelmed and cau...Rule Medium Severity -
SRG-APP-000266-WSR-000142
Group -
SRG-APP-000266-WSR-000159
Group -
SRG-APP-000266-WSR-000160
Group -
SRG-APP-000295-WSR-000012
Group -
The Apache web server must set an absolute timeout for sessions.
Leaving sessions open indefinitely is a major security risk. An attacker can easily use an already authenticated session to access the hosted application as the previously authenticated user. By cl...Rule Medium Severity -
SRG-APP-000295-WSR-000134
Group -
SRG-APP-000315-WSR-000004
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.