Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Lighttpd proxy settings must be configured.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-240238 | VRAU-LI-000165 | SV-240238r879587_rule | Medium |
| Description |
|---|
| A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multi-use servers are not recommended. Scanning for web servers that will also proxy requests into an otherwise protected network is a very common attack making the attack anonymous. |
| STIG | Date |
|---|---|
| VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide | 2023-09-12 |
Details
| Check Text ( C-43471r668031_chk ) |
|---|
| At the command prompt, execute the following command: grep -A 6 -B 1 proxy.server /opt/vmware/etc/lighttpd/lighttpd.conf If the proxy.server "host" value is not set to "127.0.0.1" and the proxy.server "port" value is not set to "5488", this is a finding. |
| Fix Text (F-43430r668032_fix) |
|---|
| Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf Navigate to proxy.server. Set the proxy.server "host" value to "127.0.0.1" and the proxy.server "port" value to "5488". Note: The proxy.server section should look like this when it is configured: $HTTP["url"] =~ "^/cimom" { proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => "5488" )) ) } |