APACHE 2.2 Server for Windows Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The HTTP request line must be limited.

    Buffer overflow attacks are carried out by a malicious attacker sending amounts of data that the web server cannot store in a given size buffer. The eventual overflow of this buffer can overwrite s...
    Rule Medium Severity
  • The process ID (PID) file must be properly secured.

    The PidFile directive sets the path to the process ID file to which the server records the process ID of the server, which is useful for sending a signal to the server process or for checking on th...
    Rule Medium Severity
  • The web server must be configured to listen on a specific IP address and port.

    The Apache Listen directive specifies the IP addresses and port numbers the Apache web server will listen for requests. Rather than be unrestricted to listen on all IP addresses available to the sy...
    Rule Medium Severity
  • The web server must remove all export ciphers from the cipher suite.

    During the initial setup of a Transport Layer Security (TLS) connection to the web server, the client sends a list of supported cipher suites in order of preference. The web server will reply with...
    Rule Medium Severity
  • Web administration tools must be restricted to the web manager and the web manager’s designees.

    All automated information systems are at risk of data loss due to disaster or compromise. Failure to provide adequate protection to the administration tools creates risk of potential theft or damag...
    Rule Medium Severity
