Skip to content
Log In

Apache Server 2.4 Windows Server Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The Apache web server must only contain services and functions necessary for operation.

    A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. The web server must provide the capabili...
    Rule Medium Severity
    Show

  • SRG-APP-000141-WSR-000076

    Group
    Show

  • The Apache web server must not be a proxy server.

    A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multiuse servers are not recommended. Scanning for web servers that will also proxy req...
    Rule Medium Severity
    Show

  • SRG-APP-000141-WSR-000077

    Group
    Show

  • SRG-APP-000141-WSR-000078

    Group
    Show

  • Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.

    When accounts used for web server features such as documentation, sample code, example applications, tutorials, utilities, and services are created even though the feature is not installed, they be...
    Rule High Severity
    Show

  • SRG-APP-000141-WSR-000081

    Group
    Show

  • The Apache web server must have resource mappings set to disable the serving of certain file types.

    Resource mapping is the process of tying a particular file type to a process in the web server that can serve that type of file to a requesting client and to identify which file types are not to be...
    Rule Medium Severity
    Show

  • SRG-APP-000141-WSR-000082

    Group
    Show

  • The Apache web server must allow the mappings to unused and vulnerable scripts to be removed.

    Scripts allow server-side processing on behalf of the hosted application user or as processes needed in the implementation of hosted applications. Removing scripts not needed for application operat...
    Rule Medium Severity
    Show

  • SRG-APP-000141-WSR-000085

    Group
    Show

  • The Apache web server must have Web Distributed Authoring (WebDAV) disabled.

    A web server can be installed with functionality that, just by its nature, is not secure. WebDAV is an extension to the HTTP protocol that, when developed, was meant to allow users to create, chang...
    Rule Medium Severity
    Show

  • SRG-APP-000142-WSR-000089

    Group
    Show

  • SRG-APP-000172-WSR-000104

    Group
    Show

  • SRG-APP-000175-WSR-000095

    Group
    Show

  • The Apache web server must perform RFC 5280-compliant certification path validation.

    A certificate's certification path is the path from the end entity certificate to a trusted root certification authority (CA). Certification path validation is necessary for a relying party to make...
    Rule Medium Severity
    Show

  • SRG-APP-000211-WSR-000030

    Group
    Show

  • SRG-APP-000211-WSR-000129

    Group
    Show

  • The Apache web server must separate the hosted applications from hosted Apache web server management functionality.

    The separation of user functionality from web server management can be accomplished by moving management functions to a separate IP address or port. To further separate the management functions, se...
    Rule Medium Severity
    Show

  • SRG-APP-000220-WSR-000201

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules