Revision 1.5Aug 9, 2022
Functional Update
- WA00500 A22 - Active software modules must be minimized.
- WA00505 A22 - Web Distributed Authoring and Versioning (WebDAV) must be disabled.
- WA00510 A22 - Web server status module must be disabled.
- WA00515 A22 - Automatic directory indexing must be disabled.
- WA00520 A22 - The web server must not be configured as a proxy server.
- WA00525 A22 - User specific directories must not be globally enabled.
- WA00530 A22 - The process ID (PID) file must be properly secured
- WA00535 A22 - The score board file must be properly secured.
- WA230 A22 - The Web site software used with the web server must have all applicable security patches applied and documented.
- WG190 A22 - Web server software must be a vendor-supported version.
- WG270 A22 - The web server's htpasswd files (if present) must reflect proper ownership and permissions
- WG280 - The access control files are owned by a privileged web server account - @APP_Config_files@
- WG280 - The access control files are owned by a privileged web server account - @HTACCESS_DIR@
- WG300 A22 - Web server system files must conform to minimum file permission requirements - cgi_bin
- WG300 A22 - Web server system files must conform to minimum file permission requirements - config
- WG300 A22 - Web server system files must conform to minimum file permission requirements - document root
- WG300 A22 - Web server system files must conform to minimum file permission requirements - logs
- WG385 A22 - All web server documentation, sample code, example applications, and tutorials must be removed from a production web server.