OHS must have the LoadModule proxy_ftp_module directive disabled.
An XCCDF Rule
Description
A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multi-use servers are not recommended. Scanning for web servers that will also proxy requests into an otherwise protected network is a very common attack making the attack anonymous.
- ID
- SV-221399r879587_rule
- Version
- OH12-1X-000152
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor.
2. Search for the "LoadModule proxy_ftp_module" directive at the OHS server configuration scope.
3. Comment out the "LoadModule proxy_ftp_module" directive if it exists.