OHS must restrict access methods.

An XCCDF Rule

Description

<VulnDiscussion>The directive "<LimitExcept>" allows the system administrator to restrict what users may use which methods. An example of methods would be GET, POST and DELETE. These three are the most common used by applications and should be allowed. Methods such as TRACE, if allowed, give an attacker a way to map the system so that vulnerabilities to the system can be researched and developed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-221438r879887_rule
Severity: Medium
References: CCI-000366
Updated: about 1 year ago

1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor.

2. Search for the "<LimitExcept>" directive at the directory configuration scope.

3. Set the "<LimitExcept>" directive to "GET POST", add the directive if it does not exist.
4. Within the "<LimitExcept GET POST>" directives, add the directive "Deny" and set it to "from all".

OHS must restrict access methods.

Description

Remediation - Manual Procedure