← Back to Apache Server 2.4 Windows Server Security Technical Implementation Guide

V-214346

CAT II (Medium)

An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point.

Rule ID

SV-214346r985884_rule

STIG

Apache Server 2.4 Windows Server Security Technical Implementation Guide

Version

V3R4

CCIs

CCI-000154

Discussion

A web server cluster is a group of independent Apache web servers that are managed as a single system for higher availability, easier manageability, and greater scalability. Without having centralized control of the web server cluster, management of the cluster becomes difficult. It is critical that remote management of the cluster be done through a designated management system acting as a single access point.

Check Content

Review the &lt;'INSTALL PATH'&gt;\conf\httpd.conf file.

Verify the "mod_proxy" is loaded.

If it does not exist, this is a finding.

If the "mod_proxy" module is loaded and the "ProxyPass" directive is not configured, this is a finding.

Fix Text

Edit the &lt;'INSTALL PATH'&gt;\conf\httpd.conf file and load the "mod_proxy" module.

Set the "ProxyPass" directive.

Restart the Apache service.