| 5.11 Ensure Access to Inappropriate File Extensions Is Restricted - 'httpd.conf approved extention FileMatch directive exists' | SYSTEM AND INFORMATION INTEGRITY |
| 5.11 Ensure Access to Inappropriate File Extensions Is Restricted - 'httpd.conf FileMatch directive configuration' | SYSTEM AND INFORMATION INTEGRITY |
| 5.11 Ensure Access to Inappropriate File Extensions Is Restricted - 'httpd.conf FileMatch directive Require all denied' | SYSTEM AND INFORMATION INTEGRITY |
| 5.12 Ensure IP Address Based Requests Are Disallowed - 'httpd.conf RewriteCond %{HTTP_HOST} exists' | SYSTEM AND INFORMATION INTEGRITY |
| 5.12 Ensure IP Address Based Requests Are Disallowed - 'httpd.conf RewriteCond %{REQUEST_URI} exists' | SYSTEM AND INFORMATION INTEGRITY |
| 5.12 Ensure IP Address Based Requests Are Disallowed - 'httpd.conf RewriteEngine = on' | SYSTEM AND INFORMATION INTEGRITY |
| 5.12 Ensure IP Address Based Requests Are Disallowed - 'httpd.conf RewriteRule ^.(.*) - [L,F] exists' | SYSTEM AND INFORMATION INTEGRITY |
| 5.12 Ensure IP Address Based Requests Are Disallowed - Rewrite module not loaded | SYSTEM AND INFORMATION INTEGRITY |
| 5.13 Ensure the IP Addresses for Listening for Requests Are Specified - 'httpd.conf Listen [::ffff:0.0.0.0]:80 does not exists' | SYSTEM AND INFORMATION INTEGRITY |
| 5.13 Ensure the IP Addresses for Listening for Requests Are Specified - 'httpd.conf Listen 0.0.0.0:80 does not exists' | SYSTEM AND INFORMATION INTEGRITY |
| 5.13 Ensure the IP Addresses for Listening for Requests Are Specified - 'httpd.conf Listen 80 does not exists' | SYSTEM AND INFORMATION INTEGRITY |
| 5.14 Ensure Browser Framing Is Restricted | CONFIGURATION MANAGEMENT |
| 6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'httpd.conf <VirtualHost> Syslog is configured' | AUDIT AND ACCOUNTABILITY |
| 6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'httpd.conf Syslog is configured' | AUDIT AND ACCOUNTABILITY |
| 6.6 Ensure ModSecurity Is Installed and Enabled | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Inbound Anomaly Threshold | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly Threshold | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.10 Ensure the TLSv1.0 and TLSv1.1 Protocols are Disabled | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.11 Ensure HTTP Strict Transport Security Is Enabled - 'httpd.conf Strict-Transport-Security 'max-age=480' | |
| 7.11 Ensure HTTP Strict Transport Security Is Enabled - 'httpd.conf Strict-Transport-Security configuration' | |
| 7.12 Ensure Only Cipher Suites That Provide Forward Secrecy Are Enabled | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure All Default Apache Content Is Removed - 'httpd.conf Alias /icons/ /var/www/icons/ does not exists' | CONFIGURATION MANAGEMENT |
| 8.3 Ensure All Default Apache Content Is Removed - 'httpd.conf Include conf/extra/httpd-autoindex.conf does not exists' | CONFIGURATION MANAGEMENT |
| 8.4 Ensure ETag Response Header Fields Do Not Include Inodes | CONFIGURATION MANAGEMENT |
| 10.1 Ensure the LimitRequestLine directive is Set to 512 or less | CONFIGURATION MANAGEMENT |
| 10.2 Ensure the LimitRequestFields Directive is Set to 100 or Less | CONFIGURATION MANAGEMENT |
| 10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or Less | CONFIGURATION MANAGEMENT |
| 10.4 Ensure the LimitRequestBody Directive is Set to 102400 or Less | CONFIGURATION MANAGEMENT |
| 11.1 Ensure SELinux Is Enabled in Enforcing Mode | ACCESS CONTROL |
| 11.2 Ensure Apache Processes Run in the httpd_t Confined Context | ACCESS CONTROL |
| 11.3 Ensure the httpd_t Type Is Not in Permissive Mode | ACCESS CONTROL |
| 11.4 Ensure Only the Necessary SELinux Booleans Are Enabled | SYSTEM AND INFORMATION INTEGRITY |
| 12.1 Ensure the AppArmor Framework Is Enabled | CONFIGURATION MANAGEMENT |
| 12.2 Ensure the Apache AppArmor Profile Is Configured Properly | |
| 12.3 Ensure the Apache AppArmor Profile Is in Enforce Mode | CONFIGURATION MANAGEMENT |
| CIS_Apache_HTTP_Server_2.2_Benchmark_v3.6.0_Level_2_Middleware.audit from CIS Apache HTTP Server 2.2 Benchark v3.6.0 | |
