The Apache web server must not be a proxy server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-214320 | AS24-W1-000260 | SV-214320r1051286_rule | CCI-000381 | medium |
| Description | ||||
| A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multiuse servers are not recommended. Scanning for web servers that will also proxy requests into an otherwise protected network is a very common attack, making the attack anonymous. | ||||
| STIG | Date | |||
| Apache Server 2.4 Windows Server Security Technical Implementation Guide | 2025-02-12 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-7
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.4.6
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000381
1.00
- DISA · 3 · disa_xccdf · related
Details
Check Text (C-214320r1051286_chk)
If the server has been approved to be a proxy server, this requirement is Not Applicable.
Open the <'INSTALL PATH'>\conf\httpd.conf file with an editor and search for the following directive:
ProxyRequests
If the ProxyRequests directive is set to "On", this is a finding.
Fix Text (F-15530r1051285_fix)
Open the <'INSTALL PATH'>\conf\httpd.conf file with an editor and search for the following directive:
ProxyRequests
Set the directive to a value of "off".
Restart the Apache service.