Buffer overflow protection should be configured 'LimitRequestBody' | SYSTEM AND INFORMATION INTEGRITY |
Buffer overflow protection should be configured 'LimitRequestFields' | SYSTEM AND INFORMATION INTEGRITY |
Buffer overflow protection should be configured 'LimitRequestFieldsize' | SYSTEM AND INFORMATION INTEGRITY |
Buffer overflow protection should be configured 'LimitRequestline' | SYSTEM AND INFORMATION INTEGRITY |
CGI-BIN directory should be disabled. 'Addmodule mod_cgi.c' | CONFIGURATION MANAGEMENT |
CGI-BIN directory should be disabled. 'AddModule mod_env.c' | CONFIGURATION MANAGEMENT |
CGI-BIN directory should be disabled. 'Directory' | CONFIGURATION MANAGEMENT |
CGI-BIN directory should be disabled. 'LoadModule cgi_module' | CONFIGURATION MANAGEMENT |
CGI-BIN directory should be disabled. 'LoadModule env_module' | CONFIGURATION MANAGEMENT |
CGI-BIN directory should be disabled. 'ScriptAlias' | CONFIGURATION MANAGEMENT |
Configuration files should be secured against unauthorized access. | |
Directory access permissions should be restricted. | CONFIGURATION MANAGEMENT |
Encryption protocols such as https should be used | SYSTEM AND COMMUNICATIONS PROTECTION |
File permissions in the root document should only be accessible by administrator | |
HTTP TRACE method should be disabled. 'RewriteCond' | CONFIGURATION MANAGEMENT |
HTTP TRACE method should be disabled. 'RewriteEngine' | CONFIGURATION MANAGEMENT |
HTTP TRACE method should be disabled. 'RewriteLog' | CONFIGURATION MANAGEMENT |
HTTP TRACE method should be disabled. 'RewriteLogLevel' | CONFIGURATION MANAGEMENT |
HTTP TRACE method should be disabled. 'RewriteRule' | CONFIGURATION MANAGEMENT |
HTTP TRACE method should be disabled. 'TraceEnable' | CONFIGURATION MANAGEMENT |
Keep Alive setting parameter value should be appropriately configured. | SYSTEM AND COMMUNICATIONS PROTECTION |
Keep Alive Timeout setting value should be appropriately configured. | SYSTEM AND COMMUNICATIONS PROTECTION |
Latest Patches/Fixes should be installed | SYSTEM AND INFORMATION INTEGRITY |
Limit HTTP methods allowed by the Web Server. | CONFIGURATION MANAGEMENT |
Logging Directives should be restricted to authorized users. - 'CustomLog logs/access_log combined' | AUDIT AND ACCOUNTABILITY |
Logging Directives should be restricted to authorized users. - 'ErrorLog logs/error_log' | AUDIT AND ACCOUNTABILITY |
Logging Directives should be restricted to authorized users. - 'LogFormat' | AUDIT AND ACCOUNTABILITY |
Logging Directives should be restricted to authorized users. - 'LogLevel notice' | AUDIT AND ACCOUNTABILITY |
Logs containing auditing information should be secured at the directory level. | AUDIT AND ACCOUNTABILITY |
MaxClients parameter value should be configured to appropriate value. | SYSTEM AND COMMUNICATIONS PROTECTION |
MaxKeepAliveRequests parameter value should be appropriately configured. | SYSTEM AND COMMUNICATIONS PROTECTION |
MaxSpareServers parameter value should be appropriately configured. | SYSTEM AND COMMUNICATIONS PROTECTION |
MinSpareServers parameter value should be appropriately configured. | SYSTEM AND COMMUNICATIONS PROTECTION |
Non-Essential modules should be disabled. 'mod_autoindex' | CONFIGURATION MANAGEMENT |
Non-Essential modules should be disabled. 'mod_dav' | CONFIGURATION MANAGEMENT |
Non-Essential modules should be disabled. 'mod_include' | CONFIGURATION MANAGEMENT |
Non-Essential modules should be disabled. 'mod_info' | CONFIGURATION MANAGEMENT |
Non-Essential modules should be disabled. 'mod_status' | CONFIGURATION MANAGEMENT |
Non-Essential modules should be disabled. 'mod_userdir' | CONFIGURATION MANAGEMENT |
Server version information parameters should be turned off - 'ServerSignature Off' | SYSTEM AND COMMUNICATIONS PROTECTION |
Server version information parameters should be turned off - 'ServerTokens Prod' | SYSTEM AND COMMUNICATIONS PROTECTION |
StartServers parameter value should be appropriately configured. | SYSTEM AND COMMUNICATIONS PROTECTION |
Timeout value parameter value should be appropriately configured | ACCESS CONTROL |
TNS_IBM_HTTP_Server_Linux_Best_Practice_Middleware.audit | |
User IDs which disclose the privileges associated with it, should not be created. 'lock' | ACCESS CONTROL |
User IDs which disclose the privileges associated with it, should not be created. 'nologin' | ACCESS CONTROL |