UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

OHS must have the LoadModule proxy_ftp_module directive disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-64365 OH12-1X-000152 SV-78855r1_rule Medium
Description
A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multi-use servers are not recommended. Scanning for web servers that will also proxy requests into an otherwise protected network is a very common attack making the attack anonymous.
STIG Date
Oracle HTTP Server 12.1.3 Security Technical Implementation Guide 2020-06-12

Details

Check Text ( C-65117r1_chk )
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.

2. Search for the "LoadModule proxy_ftp_module" directive at the OHS server configuration scope.

3. If the directive exists and is not commented out, this is a finding.
Fix Text (F-70295r1_fix)
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.

2. Search for the "LoadModule proxy_ftp_module" directive at the OHS server configuration scope.

3. Comment out the "LoadModule proxy_ftp_module" directive if it exists.