STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to APACHE 2.2 Site for Windows Security Technical Implementation Guide

V-13686

CAT I (High)

Web Administrators must only use encrypted connections for Document Root directory uploads.

Rule ID

SV-33131r1_rule

STIG

APACHE 2.2 Site for Windows Security Technical Implementation Guide

Version

V1R13

CCIs

None

Discussion

Logging in to a web server via an unencrypted protocol or service, to upload documents to the web site, is a risk if proper encryption is not utilized to protect the data being transmitted. An encrypted protocol or service must be used for remote access to web administration tasks.

Check Content

Query the SA to determine if there is a process for the uploading of files to the web site. This process should include the requirement for the use of a secure encrypted logon and secure encrypted connection.

If the remote users are uploading files without utilizing approved encryption methods, this is a finding.

Fix Text

Use only secure encrypted logons and connections for uploading files to the web site.