The Apache web server must not be a proxy server.

An XCCDF Rule

Details
Profiles

Description

A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multiuse servers are not recommended. Scanning for web servers that will also proxy requests into an otherwise protected network is a very common attack, making the attack anonymous.

ID: SV-214241r1051280_rule
Version: AS24-U1-000260
Severity: Medium
References: CCI-000381
Updated: about 2 months ago

Remediation Templates

Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:

# apachectl -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Edit the file and comment out the ProxyRequests directive in the httpd.conf file.

Restart Apache: apachectl restart

The Apache web server must not be a proxy server.

Description

Remediation Templates

A Manual Procedure