Disable WebDAV (Distributed Authoring and Versioning)
An XCCDF Rule
Description
WebDAV is an extension of the HTTP protocol that provides distributed and collaborative access to web content. If its functionality is unnecessary, comment out the related modules:
#LoadModule dav_module modules/mod_dav.so #LoadModule dav_fs_module modules/mod_dav_fs.soIf there is a critical need for WebDAV, extra care should be taken in its configuration. Since DAV access allows remote clients to manipulate server files, any location on the server that is DAV enabled should be protected by access controls.
Rationale
Minimizing the number of loadable modules available to the web server, reduces risk by limiting the capabilities allowed by the web server.
- ID
- xccdf_org.ssgproject.content_rule_httpd_webdav
- Severity
- Unknown
- Updated