All Automation Controller NGINX web servers must be configured to use a specified IP address and port.
An XCCDF Rule
Description
From a security perspective, it is important that all Automation Controller NGINX web servers are configured to use a specified IP address and port because “listening” on all IP addresses poses a vulnerability to the web server. Not confining the web server to a specified IP address and port puts all web server content at risk of access by bad actors wanting to take advantage of those resources.
- ID
- SV-256952r960966_rule
- Version
- APWS-AT-000370
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
As a System Administrator for each Automation Controller NGINX web server host, identify the allowed and/or designated IP address(es) for the Automation Controller system.
Replace any wildcard or ranged IP address references in the NGINX configuration with IP addresses from the pool of allowed and/or designated address.
Reload the NGINX server configurations for all NGINX processes:
$ pkill -HUP nginx