The Apache web server must not be a proxy server.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-214320 | SRG-APP-000141-WSR-000076 | AS24-W1-000260 | SV-214320r1051286_rule | 2025-02-12 | 3 |
| Description |
|---|
| A web server should be primarily a web server or a proxy server but not both, for the same reasons that other multiuse servers are not recommended. Scanning for web servers that will also proxy requests into an otherwise protected network is a very common attack, making the attack anonymous. |
| ℹ️ Check |
|---|
| If the server has been approved to be a proxy server, this requirement is Not Applicable. Open the <'INSTALL PATH'>\conf\httpd.conf file with an editor and search for the following directive: ProxyRequests If the ProxyRequests directive is set to "On", this is a finding. |
| ✔️ Fix |
|---|
| Open the <'INSTALL PATH'>\conf\httpd.conf file with an editor and search for the following directive: ProxyRequests Set the directive to a value of "off". Restart the Apache service. |