V-264366

CAT II (Medium)

The web server must only use forward proxies that route HTTP/2 requests upstream.

Rule ID: SV-264366r984443_rule

STIG: Web Server Security Requirements Guide

Version: V4R4

CCIs: CCI-002418

Discussion

Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communications can be intercepted and read or altered. Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. It is crucial that the web server and forward proxy agree about the boundaries between requests. Otherwise, an attacker may be able to send ambiguous requests and carry out other smuggling attacks against the web server.

Check Content

If a forward proxy is not used, this is not applicable. 

Verify the web server only uses forward proxies that route HTTP/2 requests upstream.

If the web server uses forward proxies that do not only route HTTP/2 requests, this is a finding.

Fix Text

Configure the web server to only use forward proxies that route HTTP/2 requests upstream.