UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Apache web server must not be a proxy server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-214320 AS24-W1-000260 SV-214320r505936_rule Medium
Description
A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multi-use servers are not recommended. Scanning for web servers that will also proxy requests into an otherwise protected network is a very common attack, making the attack anonymous.
STIG Date
Apache Server 2.4 Windows Server Security Technical Implementation Guide 2020-09-25

Details

Check Text ( C-15532r277463_chk )
In a command line, CD to "<'INSTALLED PATH'>\bin". Run "httpd -M" to view a list of installed modules.

If any of the following modules are present, this is a finding:

proxy_module
proxy_ajp_module
proxy_balancer_module
proxy_ftp_module
proxy_http_module
proxy_connect_module
Fix Text (F-15530r277464_fix)
Edit the <'INSTALL PATH'>\conf\httpd.conf file and remove the following modules:

proxy_module
proxy_ajp_module
proxy_balancer_module
proxy_ftp_module
proxy_http_module
proxy_connect_module