Disable HTTP Digest Authentication
An XCCDF Rule
Description
The auth_digest
module provides encrypted authentication sessions.
If this functionality is unnecessary, comment out the related module:
#LoadModule auth_digest_module modules/mod_auth_digest.so
Rationale
Minimizing the number of loadable modules available to the web server reduces risk by limiting the capabilities allowed by the web server.
- ID
- xccdf_org.ssgproject.content_rule_httpd_digest_authentication
- Severity
- Unknown
- References
- Updated