Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
OHS must have the LoadModule proxy_ftp_module directive disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-64365 | OH12-1X-000152 | SV-78855r1_rule | Medium |
| Description |
|---|
| A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multi-use servers are not recommended. Scanning for web servers that will also proxy requests into an otherwise protected network is a very common attack making the attack anonymous. |
| STIG | Date |
|---|---|
| Oracle HTTP Server 12.1.3 Security Technical Implementation Guide | 2019-12-12 |
Details
| Check Text ( C-65117r1_chk ) |
|---|
| 1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/ 2. Search for the "LoadModule proxy_ftp_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding. |
| Fix Text (F-70295r1_fix) |
|---|
| 1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/ 2. Search for the "LoadModule proxy_ftp_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule proxy_ftp_module" directive if it exists. |