STIGQter: STIG Summary: Apache Server 2.4 Windows Site Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The Apache web server must restrict inbound connections from nonsecure zones.

DISA Rule

SV-102653r1_rule

Vulnerability Number

V-92565

Group Title

SRG-APP-000315-WSR-000004

Rule Version

AS24-W2-000670

Severity

CAT II

CCI(s)

• CCI-002314 - The information system controls remote access methods.

Weight

10

Fix Recommendation

Configure the "http.conf" file to include restrictions.

Example:

<RequireAll>
Require not host phishers.example.com moreidiots.example
</RequireAll>

Check Contents

Review the <'INSTALLED PATH'>\conf\httpd.conf file.

If "IP Address Restrictions" are not configured or IP ranges configured to be "Allow" are not restrictive enough to prevent connections from nonsecure zones, this is a finding.

Vulnerability Number

V-92565

Documentable

False

Rule Version

AS24-W2-000670

Severity Override Guidance

Review the <'INSTALLED PATH'>\conf\httpd.conf file.

If "IP Address Restrictions" are not configured or IP ranges configured to be "Allow" are not restrictive enough to prevent connections from nonsecure zones, this is a finding.

Check Content Reference

M

Target Key

3419

Comments