Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of OpenEmbedded
Services
Web Server
Secure Apache Configuration
Use Appropriate Modules to Improve httpd's Security
Use Appropriate Modules to Improve httpd's Security
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
Use Appropriate Modules to Improve httpd's Security
Among the modules available for
httpd
are several whose use may improve the security of the web server installation. This section recommends and discusses the deployment of security-relevant modules.
Deploy mod_security
The
security
module provides an application level firewall for
httpd
. Following its installation with the base ruleset, specific configuration advice can be found at
http://www.modsecurity.org/
to design a policy that best matches the security needs of the web applications. Usage of
mod_security
is highly recommended for some environments, but it should be noted this module does not ship with Red Hat Enterprise Linux itself, and instead is provided via Extra Packages for Enterprise Linux (EPEL). For more information on EPEL please refer to
http://fedoraproject.org/wiki/EPEL
.
Deploy mod_ssl
Because HTTP is a plain text protocol, all traffic is susceptible to passive monitoring. If there is a need for confidentiality, SSL should be configured and enabled to encrypt content.
Note:
mod_nss
is a FIPS 140-2 certified alternative to
mod_ssl
. The modules share a considerable amount of code and should be nearly identical in functionality. If FIPS 140-2 validation is required, then
mod_nss
should be used. If it provides some feature or its greater compatibility is required, then
mod_ssl
should be used.