STIGQter: STIG Summary: Apache Server 2.4 UNIX Site Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021: STIGQter: STIG Summary: Apache Server 2.4 UNIX Site Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:SV-214293r612241_rule
V-214293
SRG-APP-000266-WSR-000159
AS24-U2-000630
CAT II
10
Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:
# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Use the "ErrorDocument" directive to enable custom error pages.
ErrorDocument 500 "Sorry, our script crashed. Oh dear"
ErrorDocument 500 /cgi-bin/crash-recover
ErrorDocument 500 http://error.example.com/server_error.html
ErrorDocument 404 /errors/not_found.html
ErrorDocument 401 /subscription/how_to_subscribe.html
The syntax of the ErrorDocument directive is:
ErrorDocument <3-digit-code> <action>
Additional Information:
https://httpd.apache.org/docs/2.4/custom-error.html
In a command line, run "httpd -M | grep -i ssl_module".
If the "ssl_module" is not enabled, this is a finding.
Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:
# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
If the "ErrorDocument" directive is not being used, this is a finding.
V-214293
False
AS24-U2-000630
In a command line, run "httpd -M | grep -i ssl_module".
If the "ssl_module" is not enabled, this is a finding.
Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:
# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
If the "ErrorDocument" directive is not being used, this is a finding.
M
3997