OHS must have the LoadModule proxy_http_module directive disabled.
An XCCDF Rule
Description
A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. The web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance. The proxy_http_module requires the service of mod_proxy. It provides the features used for proxying HTTP and HTTPS requests. If proxy services are required, the proxy configuration must be approved by the AO.
- ID
- SV-221382r879587_rule
- Version
- OH12-1X-000135
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor.
2. Search for the "LoadModule proxy_http_module" directive at the OHS server configuration scope.
3. Comment out the "LoadModule proxy_http_module" directive if it exists.