The Apache web server must not be a proxy server.
An XCCDF Rule
Description
A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multiuse servers are not recommended. Scanning for web servers that will also proxy requests into an otherwise protected network is a very common attack, and relaying through such a server makes the attack anonymous.
- ID: SV-214320r1051286_rule
- Version: AS24-W1-000260
- Severity: Medium
Remediation Templates
A Manual Procedure
Open the <'INSTALL PATH'>\conf\httpd.conf file with an editor and search for the following directive:
ProxyRequests
Set the directive to a value of "off".
Restart the Apache service.
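The search step above, automated as an added example (not part of the STIG rule or of Apache itself): it reports every active ProxyRequests directive in a configuration text that is not set to "off", skipping comments and handling mixed case, quoted values and backslash line continuations. The function names and the sample configuration are constructed for illustration; the check assumes an absent directive means Apache's default of Off and does not follow Include files.

```python
import re

# Constructed sample httpd.conf content (not taken from a real server).
SAMPLE_CONF = r'''
ServerRoot "C:/Apache24"
# ProxyRequests On   <- commented out, ignored
LoadModule proxy_module modules/mod_proxy.so
proxyrequests Off
<VirtualHost *:8080>
    ProxyRequests \
        "On"
</VirtualHost>
'''

# Apache directive names are case-insensitive; the value may be quoted.
DIRECTIVE = re.compile(r'^\s*ProxyRequests\s+"?(\w+)"?\s*$', re.IGNORECASE)

def logical_lines(text):
    """Yield (first_line_number, text), joining backslash-continued lines."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def proxy_requests_settings(text):
    """Return [(line_number, value)] for every active ProxyRequests directive."""
    found = []
    for no, line in logical_lines(text):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives have no effect
        m = DIRECTIVE.match(line)
        if m:
            found.append((no, m.group(1).lower()))
    return found

def findings(text):
    """Lines where forward proxying is enabled (any value other than 'off')."""
    return [(no, val) for no, val in proxy_requests_settings(text) if val != "off"]

if __name__ == "__main__":
    for no, val in findings(SAMPLE_CONF):
        print(f"line {no}: ProxyRequests {val} (finding)")
```

Run it against the contents of httpd.conf and of any files it includes, since a directive inside a virtual host or an included file overrides the global setting for that scope.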