Apache Server 2.4 Windows Server Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Apache web server must restrict inbound connections from nonsecure zones.
Remote access to the Apache web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perfor...Rule Medium Severity -
The Apache web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the Apache web server.
To make certain that the logging mechanism used by the web server has sufficient storage capacity in which to write the logs, the logging mechanism needs to be able to allocate log record storage c...Rule Medium Severity -
The Apache web server must be configurable to integrate with an organizations security infrastructure.
A web server will typically use logging mechanisms for maintaining a historical log of activity that occurs within a hosted application. This information can then be used for diagnostic purposes, f...Rule Medium Severity -
The Apache web server must use a logging mechanism that is configured to provide a warning to the Information System Security Officer (ISSO) and System Administrator (SA) when allocated record storage volume reaches 75 percent of maximum log record storage capacity.
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process logs as required. Log processing failures include software/hardware errors, failures in the log...Rule Medium Severity -
The Apache web server must be tuned to handle the operational requirements of the hosted application.
A denial of service (DoS) can occur when the Apache web server is so overwhelmed that it can no longer respond to additional requests. A web server not properly tuned may become overwhelmed and cau...Rule Medium Severity -
The Apache web server cookies, such as session cookies, sent to the client using SSL/TLS must not be compressed.
A cookie is used when a web server needs to share data with the client's browser. The data is often used to remember the client when the client returns to the hosted application at a later date. A ...Rule Medium Severity -
All accounts installed with the Apache web server software and tools must have passwords assigned and default passwords changed.
During installation of the Apache web server software, accounts are created for the Apache web server to operate properly. The accounts installed can have either no password installed or a default ...Rule High Severity -
The Apache web server software must be a vendor-supported version.
Many vulnerabilities are associated with older versions of web server software. As hot fixes and patches are issued, these solutions are included in the next version of the server software. Maintai...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.