STIGhub


V-240062

CAT II (Medium)

HAProxy must use SSL/TLS protocols in order to secure passwords during transmission from the client.

Rule ID

SV-240062r879609_rule

STIG

VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000197

Discussion

Data used to authenticate, especially passwords, needs to be protected at all times, and encryption is the standard method for protecting authentication data during transmission. Even when data is passed through a load balancer, data used to authenticate users must be sent via SSL/TLS.

Check Content

At the command line execute the following command:

cat /etc/haproxy/conf.d/20-vcac.cfg | awk '$0 ~ /bind.*:80/ || $0 ~ /redirect.*ssl_fc/ {print}'

If the command does not return the two lines below, this is a finding.

bind 0.0.0.0:80
redirect scheme https if !{ ssl_fc }

Fix Text

Navigate to and open /etc/haproxy/conf.d/20-vcac.cfg

Navigate to and configure the "frontend https-in" section with the following two values:

bind 0.0.0.0:80
redirect scheme https if !{ ssl_fc }
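The check above can be scripted so that it returns an exit status instead of relying on a visual comparison of the awk output. This is an added example, not part of the STIG text: the function names and both sample configurations are constructed, and limiting the match to active (uncommented) lines inside "frontend https-in" is an assumption taken from the Fix Text.

```shell
#!/bin/sh
# Added example (not STIG text): scripted V-240062 check with an exit status.

# 0 = both directives active in "frontend https-in", 1 = finding, 2 = unreadable.
check_v240062() {
    [ -r "$1" ] || return 2
    awk '
        # Normalise whitespace so indentation does not affect the comparison.
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, ""); gsub(/[ \t]+/, " ") }
        /^#/ || $0 == "" { next }              # comments and blank lines
        /^(global|defaults|frontend|backend|listen)( |$)/ {
            in_fe = ($1 == "frontend" && $2 == "https-in"); next
        }
        in_fe && $0 == "bind 0.0.0.0:80" { have_bind = 1 }
        in_fe && $0 == "redirect scheme https if !{ ssl_fc }" { have_redir = 1 }
        END { exit !(have_bind && have_redir) }
    ' "$1"
}

# Constructed sample configs (not taken from a real appliance).
write_sample() {   # $1 = compliant|finding, $2 = output path
    if [ "$1" = compliant ]; then
        printf '%s\n' 'frontend https-in' \
            '    bind 0.0.0.0:80' \
            '    bind 0.0.0.0:443 ssl crt /path/to/placeholder.pem' \
            '    redirect scheme https if !{ ssl_fc }' \
            'backend placeholder-backend' \
            '    server s1 127.0.0.1:8443' > "$2"
    else
        # Redirect is commented out in https-in and only present elsewhere.
        printf '%s\n' 'frontend https-in' \
            '    bind 0.0.0.0:80' \
            '    # redirect scheme https if !{ ssl_fc }' \
            'frontend other' \
            '    redirect scheme https if !{ ssl_fc }' > "$2"
    fi
}

tmp=$(mktemp -d)
for kind in compliant finding; do
    write_sample "$kind" "$tmp/$kind.cfg"
    if check_v240062 "$tmp/$kind.cfg"; then echo "$kind: not a finding"
    else echo "$kind: FINDING (V-240062)"; fi
done
rm -rf "$tmp"
```

On a real system the function would be called as check_v240062 /etc/haproxy/conf.d/20-vcac.cfg, with a non-zero status treated as a finding.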