STIGQter: STIG Summary: VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

HAProxy must provide default error files.

DISA Rule

SV-99827r1_rule

Vulnerability Number

V-89177

Group Title

SRG-APP-000266-WSR-000159

Rule Version

VRAU-HA-000315

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Create error pages for each of the HTTP status codes below:

400, 403, 408, 500, 502, 503, 504

Navigate to and open /etc/haproxy/haproxy.cfg. Navigate to the "defaults" section.

Add the following lines:

errorfile 400 /path/to/errorPage/for/400.http
errorfile 403 /path/to/errorPage/for/403.http
errorfile 408 /path/to/errorPage/for/408.http
errorfile 500 /path/to/errorPage/for/500.http
errorfile 502 /path/to/errorPage/for/502.http
errorfile 503 /path/to/errorPage/for/503.http
errorfile 504 /path/to/errorPage/for/504.http

Check Contents

At the command prompt, execute the following command:

grep 'errorfile' /etc/haproxy/haproxy.cfg

If the return value for "errorfile" does not list error pages for the following HTTP status codes, this is a finding.

400, 403, 408, 500, 502, 503, 504
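
The grep above also matches commented-out lines and errorfile entries in frontend or backend sections, while the fix places the directives in "defaults". The following script is an added example, not part of the STIG text: it reports which required codes lack an active errorfile line in the "defaults" section. The function names and the sample configuration are constructed for illustration.

```bash
#!/bin/sh
# Added example: stricter version of the STIG errorfile check (hypothetical helper names).
REQUIRED_CODES="400 403 408 500 502 503 504"

# Print the status codes that have an active errorfile directive
# inside the "defaults" section of the HAProxy config given as $1.
defaults_errorfile_codes() {
    awk '
        { sub(/#.*/, "") }   # drop comments so disabled lines do not count
        $1 ~ /^(global|defaults|frontend|backend|listen|userlist|peers|resolvers|mailers)$/ {
            in_defaults = ($1 == "defaults"); next
        }
        in_defaults && $1 == "errorfile" && $2 ~ /^[0-9]+$/ && $3 != "" { print $2 }
    ' "$1"
}

# Print the required codes that are missing, space separated (empty = no finding).
missing_errorfile_codes() {
    found=$(defaults_errorfile_codes "$1")
    missing=""
    for code in $REQUIRED_CODES; do
        printf '%s\n' "$found" | grep -qx "$code" || missing="$missing $code"
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample: 503 is commented out and 504 is set only in a backend,
# so a plain grep for "errorfile" would still show all seven codes.
sample_config() {
cat <<'EOF'
global
    daemon
defaults
    mode http
    errorfile 400 /path/to/errorPage/for/400.http
    errorfile 403 /path/to/errorPage/for/403.http
    errorfile 408 /path/to/errorPage/for/408.http
    errorfile 500 /path/to/errorPage/for/500.http
    errorfile 502 /path/to/errorPage/for/502.http
    #errorfile 503 /path/to/errorPage/for/503.http
backend app
    errorfile 504 /path/to/errorPage/for/504.http
EOF
}

tmp_cfg=$(mktemp)
sample_config > "$tmp_cfg"
echo "Missing in defaults: $(missing_errorfile_codes "$tmp_cfg")"
rm -f "$tmp_cfg"
```

On a real system, call missing_errorfile_codes /etc/haproxy/haproxy.cfg; any output is a finding.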

Documentable

False

Severity Override Guidance

At the command prompt, execute the following command:

grep 'errorfile' /etc/haproxy/haproxy.cfg

If the return value for "errorfile" does not list error pages for the following HTTP status codes, this is a finding.

400, 403, 408, 500, 502, 503, 504

Check Content Reference

M

Target Key

3455
