| 5.13 Ensure Access to Inappropriate File Extensions Is Restricted | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.14 Ensure IP Address Based Requests Are Disallowed | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.15 Ensure the IP Addresses for Listening for Requests Are Specified | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.16 Ensure Browser Framing Is Restricted | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.17 Ensure HTTP Header Referrer-Policy is set appropriately | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.18 Ensure HTTP Header Permissions-Policy is set appropriately | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 6.2 Ensure a Syslog Facility Is Configured for Error Logging | AUDIT AND ACCOUNTABILITY |
| 6.6 Ensure ModSecurity Is Installed and Enabled | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.10 Ensure OCSP Stapling Is Enabled | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.11 Ensure HTTP Strict Transport Security Is Enabled | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.12 Ensure Only Cipher Suites That Provide Forward Secrecy Are Enabled | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure All Default Apache Content Is Removed | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.4 Ensure ETag Response Header Fields Do Not Include Inodes | SYSTEM AND INFORMATION INTEGRITY |
| 10.1 Ensure the LimitRequestLine directive is Set to 8190 or less | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 10.2 Ensure the LimitRequestFields Directive is Set to 100 or Less | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or Less | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 10.4 Ensure the LimitRequestBody Directive is Set to 102400 or Less | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 11.1 Ensure SELinux Is Enabled in Enforcing Mode | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 11.2 Ensure Apache Processes Run in the httpd_t Confined Context | ACCESS CONTROL, MEDIA PROTECTION |
| 11.3 Ensure the httpd_t Type is Not in Permissive Mode | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 11.4 Ensure Only the Necessary SELinux Booleans are Enabled | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 12.1 Ensure the AppArmor Framework Is Enabled | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 12.2 Ensure the Apache AppArmor Profile Is Configured Properly | CONFIGURATION MANAGEMENT |
| 12.3 Ensure Apache AppArmor Profile is in Enforce Mode | CONFIGURATION MANAGEMENT |
| CIS_Apache_HTTP_Server_2.4_v2.2.0_L2.audit from CIS Apache HTTP Server 2.4 Benchmark v2.2.0 | |
