STIGQter: STIG Summary: Apache Server 2.4 Windows Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: Apache Server 2.4 Windows Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:SV-214312r505936_rule
V-214312
SRG-APP-000098-WSR-000060
AS24-W1-000130
CAT II
10
Access the proxy server through which inbound web traffic is passed and configure settings to pass web traffic to the Apache web server transparently.
Interview the System Administrator to review the configuration of the Apache web server architecture and determine if inbound web traffic is passed through a proxy.
If the Apache web server is receiving inbound web traffic through a proxy, the audit logs must be reviewed to determine if correct source information is being passed through by the proxy server.
View Apache log files as configured in "httpd.conf" files.
When the log file is displayed, review source IP information in log entries and verify the entries do not reflect the IP address of the proxy server.
If the log entries in the log file(s) reflect the IP address of the proxy server as the source, this is a finding.
V-214312
False
AS24-W1-000130
Interview the System Administrator to review the configuration of the Apache web server architecture and determine if inbound web traffic is passed through a proxy.
If the Apache web server is receiving inbound web traffic through a proxy, the audit logs must be reviewed to determine if correct source information is being passed through by the proxy server.
View Apache log files as configured in "httpd.conf" files.
When the log file is displayed, review source IP information in log entries and verify the entries do not reflect the IP address of the proxy server.
If the log entries in the log file(s) reflect the IP address of the proxy server as the source, this is a finding.
M
3998