| 5.13 Ensure Access to Inappropriate File Extensions Is Restricted - 'httpd.conf approved extention FileMatch directive exists' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.13 Ensure Access to Inappropriate File Extensions Is Restricted - 'httpd.conf FileMatch directive' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.14 Ensure IP Address Based Requests Are Disallowed - 'httpd.conf RewriteCond %{HTTP_HOST} exists' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.14 Ensure IP Address Based Requests Are Disallowed - 'httpd.conf RewriteCond %{REQUEST_URI} exists' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.14 Ensure IP Address Based Requests Are Disallowed - 'httpd.conf RewriteEngine = on' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.14 Ensure IP Address Based Requests Are Disallowed - [L,F] exists' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.15 Ensure the IP Addresses for Listening for Requests Are Specified - 'httpd.conf Listen [::ffff:0.0.0.0]:80 does not exists' | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.15 Ensure the IP Addresses for Listening for Requests Are Specified - 'httpd.conf Listen 0.0.0.0:80 does not exists' | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.16 Ensure Browser Framing Is Restricted | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.17 Ensure HTTP Header Referrer-Policy is set appropriately | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.18 Ensure HTTP Header Permissions-Policy is set appropriately | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'Main' | AUDIT AND ACCOUNTABILITY |
| 6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'VirtualHost' | AUDIT AND ACCOUNTABILITY |
| 6.6 Ensure ModSecurity Is Installed and Enabled | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Inbound Anomaly Threshold | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly Threshold | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.10 Ensure OCSP Stapling Is Enabled - SSLStaplingCache | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.10 Ensure OCSP Stapling Is Enabled - SSLUseStapling | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.11 Ensure HTTP Strict Transport Security Is Enabled | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.12 Ensure Only Cipher Suites That Provide Forward Secrecy Are Enabled | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure All Default Apache Content Is Removed - 'httpd.conf Alias /icons/ /var/www/icons/ does not exist' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure All Default Apache Content Is Removed - 'httpd.conf Include conf/extra/httpd-autoindex.conf does not exists' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.4 Ensure ETag Response Header Fields Do Not Include Inodes | SYSTEM AND INFORMATION INTEGRITY |
| 10.1 Ensure the LimitRequestLine directive is Set to 512 or less | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 10.2 Ensure the LimitRequestFields Directive is Set to 100 or Less | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or Less | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 10.4 Ensure the LimitRequestBody Directive is Set to 102400 or Less | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 11.1 Ensure SELinux Is Enabled in Enforcing Mode - config | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 11.1 Ensure SELinux Is Enabled in Enforcing Mode - current | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 11.2 Ensure Apache Processes Run in the httpd_t Confined Context - apachectl | ACCESS CONTROL, MEDIA PROTECTION |
| 11.2 Ensure Apache Processes Run in the httpd_t Confined Context - httpd | ACCESS CONTROL, MEDIA PROTECTION |
| 11.3 Ensure the httpd_t Type is Not in Permissive Mode | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 11.4 Ensure Only the Necessary SELinux Booleans are Enabled | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 12.1 Ensure the AppArmor Framework Is Enabled | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 12.2 Ensure the Apache AppArmor Profile Is Configured Properly | CONFIGURATION MANAGEMENT |
| 12.3 Ensure Apache AppArmor Profile is in Enforce Mode | CONFIGURATION MANAGEMENT |
| CIS_Apache_HTTP_Server_2.4_Benchmark_v2.1.0.audit from CIS Apache HTTP Server 2.4 Benchark v2.1.0 | |
