Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
OHS must have the LoadModule proxy_connect_module directive disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-221400 | OH12-1X-000153 | SV-221400r414885_rule | Medium |
| Description |
|---|
| A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multi-use servers are not recommended. Scanning for web servers that will also proxy requests into an otherwise protected network is a very common attack making the attack anonymous. |
| STIG | Date |
|---|---|
| Oracle HTTP Server 12.1.3 Security Technical Implementation Guide | 2021-12-29 |
Details
| Check Text ( C-23115r414883_chk ) |
|---|
| 1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/ 2. Search for the "LoadModule proxy_connect_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding. |
| Fix Text (F-23104r414884_fix) |
|---|
| 1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/ 2. Search for the "LoadModule proxy_connect_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule proxy_connnect_module" directive if it exists. |