Disable Web Server Configuration Display
An XCCDF Rule
Description
The info module creates a web page illustrating the configuration of the web server. This
can create an unnecessary security leak and should be disabled.
If its functionality is unnecessary, comment out the module:
#LoadModule info_module modules/mod_info.soIf there is a critical need for this module, use the
Location directive to provide
an access control list to restrict access to the information.
Rationale
Minimizing the number of loadable modules available to the web server reduces risk by limiting the capabilities allowed by the web server.
- ID
- xccdf_org.ssgproject.content_rule_httpd_server_configuration_display
- Severity
- Unknown
- References
- Updated