Disable Proxy Support
An XCCDF Rule
Description
The proxy
module provides proxying support, allowing httpd
to forward requests and
serve as a gateway for other servers. If its functionality is unnecessary, comment out the module:
#LoadModule proxy_module modules/mod_proxy.soIf proxy support is needed, load
mod_proxy
and the appropriate proxy protocol handler
module (one of mod_proxy_http
, mod_proxy_ftp
, or mod_proxy_connect
). Additionally,
make certain that a server is secure before enabling proxying, as open proxy servers
are a security risk. mod_proxy_balancer
enables load balancing, but requires that
mod status
be enabled.
Rationale
Minimizing the number of loadable modules available to the web server reduces risk by limiting the capabilities allowed by the web server.
- ID
- xccdf_org.ssgproject.content_rule_httpd_proxy_support
- Severity
- Unknown
- References
- Updated