Skip to content
Log In

Apache Server 2.4 Windows Server Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000223-WSR-000011

    Group
    Show

  • Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application.

    Cookies are used to exchange data between the web server and the client. Cookies, such as a session cookie, may contain session information and user credentials used to maintain a persistent connec...
    Rule Medium Severity
    Show

  • SRG-APP-000223-WSR-000145

    Group
    Show

  • SRG-APP-000224-WSR-000136

    Group
    Show

  • The Apache web server must generate unique session identifiers that cannot be reliably reproduced.

    Communication between a client and the Apache web server is done using the HTTP protocol, but HTTP is a stateless protocol. To maintain a connection or session, a web server will generate a session...
    Rule Medium Severity
    Show

  • SRG-APP-000224-WSR-000139

    Group
    Show

  • SRG-APP-000225-WSR-000140

    Group
    Show

  • The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.

    Determining a safe state for failure and weighing that against a potential DoS for users depends on what type of application the web server is hosting. For an application presenting publicly availa...
    Rule Medium Severity
    Show

  • SRG-APP-000233-WSR-000146

    Group
    Show

  • SRG-APP-000246-WSR-000149

    Group
    Show

  • The Apache web server must restrict the ability of users to launch denial-of-service (DoS) attacks against other information systems or networks.

    Apache web server can limit the ability of the web server being used in a DoS attack through several methods. The methods employed will depend upon the hosted applications and their resource needs ...
    Rule Medium Severity
    Show

  • SRG-APP-000266-WSR-000159

    Group
    Show

  • SRG-APP-000266-WSR-000160

    Group
    Show

  • SRG-APP-000295-WSR-000012

    Group
    Show

  • The Apache web server must set an absolute timeout for sessions.

    Leaving sessions open indefinitely is a major security risk. An attacker can easily use an already authenticated session to access the hosted application as the previously authenticated user. By cl...
    Rule Medium Severity
    Show

  • SRG-APP-000295-WSR-000134

    Group
    Show

  • SRG-APP-000315-WSR-000004

    Group
    Show

  • SRG-APP-000316-WSR-000170

    Group
    Show

  • The Apache web server must be configured to immediately disconnect or disable remote access to the hosted applications.

    During an attack on the Apache web server or any of the hosted applications, the system administrator may need to disconnect or disable access by users to stop the attack. The Apache web server mu...
    Rule Medium Severity
    Show

  • SRG-APP-000340-WSR-000029

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules