6.4 Ensure secure is set to true only for SSL-enabled Connectors (verify secure is set to true)

Information

The secure attribute is used to convey Connector security status to applications operating over the Connector. This is typically achieved by calling request.isSecure(). Ensure the secure attribute is only set to true for Connectors operating with the SSLEnabled attribute set to true.

Solution

For each Connector defined in server.xml, set the secure attribute to true for those Connectors having SSLEnabled set to true. Set the secure attribute set to false for those Connectors having SSLEnabled set to false

See Also

https://workbench.cisecurity.org/files/266

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: Unix

Control ID: f89f15d9f7db88aabbc7d92584057ce6bf3394aac4749cd514c285db157bd0de