Web Apache Checklist Version 6, Release 1.12

Supporting Resources:

Target:

Target | CPE Name
Apache HTTP Server 1.3 | cpe:/a:apache:http_server:1.3
Apache HTTP Server 2.0 | cpe:/a:apache:http_server:2.0

Checklist Highlights

Checklist Name:
Web Apache Checklist
Checklist ID:
94
Version:
Version 6, Release 1.12
Type:
Compliance
Review Status:
Final
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
04/23/2010

Checklist Summary:

This group of checklists covers valuable security-related information for the Apache web server and web site server products. It includes procedures to perform a Security Readiness Review (SRR). Security items covered are based on the Web Server Secure Technology Implementation Guide (STIG) published by DISA. The reviewer will apply Systems Administration knowledge and have familiarity with web server and web site configurations. Apache Server, UNIX, Linux, and/or Windows server experience is beneficial. Users of this checklist will need to be able to navigate the file systems of these operating environments.

This web server checklist targets conditions that undermine the integrity of security, contribute to inefficient security operations and administration, or that may lead to the interruption of production operations. The documentation provides procedures for assessing Apache web server and Apache web site server products.

The document is broken into the following sections:

  • Section 1: Contains specific product requirements for an Apache web server that were not addressed in the Web Server Secure Technology Implementation Guide (STIG) [http://iase.disa.mil/stigs/stig/index.html].
  • Section 2: Is not applicable to assessing Apache, but is specific to clients of the DISA VMS database.
  • Section 3: Provides configuration information for Apache 1.3.x web server installations focusing on mitigating Denial of Service attacks, restricting file access, mitigating buffer overflows, account management, OS and DMZ configurations.
  • Section 4: Provides configuration information for Apache web site 1.3.x in the areas of policy configuration, account privileges, and encryption.
  • Section 5: Provides configuration information for Apache 2.x web server installations focusing on mitigating Denial of Service attacks, restricting file access, mitigating buffer overflows, account management, OS and DMZ configurations.
  • Section 6: Provides configuration information for Apache web site 2.x in the areas of policy configuration, account privileges, and encryption.

Note: Specific assessment procedures and information for assessing Apache can be found in all other sections of this checklist bundle, some of which are question-answer oriented.

Checklist Role:

  • Web Server

Known Issues:

Not provided.

Target Audience:

Developed by DISA for the DOD. This document is intended for those responsible for the configuration and management of information systems. It assumes that the reader has knowledge of web servers and is familiar with common computer terminology.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DOD Directive 8500.2, DOD Directive 8520.2

Comments/Warnings/Miscellaneous:

Please refer to the Checklist.

Disclaimer:

Not provided.

Product Support:

Only available to DOD customers.

Point of Contact:

disa.stig_spt@mail.mil

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

Version 6, Release 1.12 - 4/23/2010
Version 6, Release 1.11 - 4/23/2009

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 05/24/2016