UCF STIG Viewer Logo

The Apache web server must not be a proxy server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-92373 AS24-W1-000260 SV-102461r1_rule Medium
Description
A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multi-use servers are not recommended. Scanning for web servers that will also proxy requests into an otherwise protected network is a very common attack, making the attack anonymous.
STIG Date
Apache Server 2.4 Windows Server Security Technical Implementation Guide 2019-12-19

Details

Check Text ( C-91669r1_chk )
In a command line, CD to "<'INSTALLED PATH'>\bin". Run "httpd -M" to view a list of installed modules.

If any of the following modules are present, this is a finding:

proxy_module
proxy_ajp_module
proxy_balancer_module
proxy_ftp_module
proxy_http_module
proxy_connect_module
Fix Text (F-98611r1_fix)
Edit the <'INSTALL PATH'>\conf\httpd.conf file and remove the following modules:

proxy_module
proxy_ajp_module
proxy_balancer_module
proxy_ftp_module
proxy_http_module
proxy_connect_module