The web server must not be a proxy server.
An XCCDF Rule
Description
A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multi-use servers are not recommended. Scanning for web servers that will also proxy requests into an otherwise protected network is a very common attack making the attack anonymous.
- ID
- SV-206376r960963_rule
- Version
- SRG-APP-000141-WSR-000076
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Uninstall any proxy services, modules, and libraries that are used by the web server to act as a proxy server.
Verify all configuration changes are made to assure the web server is no longer acting as a proxy server in any manner.