Skip to content

Disable Proxy Support

An XCCDF Rule

Description

The proxy module provides proxying support, allowing httpd to forward requests and serve as a gateway for other servers. If its functionality is unnecessary, comment out the module:

#LoadModule proxy_module modules/mod_proxy.so
If proxy support is needed, load mod_proxy and the appropriate proxy protocol handler module (one of mod_proxy_http, mod_proxy_ftp, or mod_proxy_connect). Additionally, make certain that a server is secure before enabling proxying, as open proxy servers are a security risk. mod_proxy_balancer enables load balancing, but requires that mod status be enabled.

Rationale

Minimizing the number of loadable modules available to the web server reduces risk by limiting the capabilities allowed by the web server.

ID
xccdf_org.ssgproject.content_rule_httpd_proxy_support
Severity
Unknown
References
Updated