Detections
Analytics
AS24-U2-000320 - The Apache web server must have resource mappings set to disable the serving of certain file types.
Information
Resource mapping is the process of tying a particular file type to a process in the web server that can serve that type of file to a requesting client and to identify which file types are not to be delivered to a client.By not specifying which files can and cannot be served to a user, the web server could deliver to a user web server configuration files, log files, password files, etc.
The web server must only allow hosted application file types to be served to a user, and all other types must be disabled.
Solution
Determine the location of the 'HTTPD_ROOT' directory and the 'httpd.conf' file:# apachectl -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT='/etc/httpd'
-D SERVER_CONFIG_FILE='conf/httpd.conf'
Disable MIME types for .exe, .dll, .com, .bat, and .csh programs.
If 'Action' or 'AddHandler' exist and they configure .exe, .dll, .com, .bat, or .csh, remove those references.
Restart Apache: apachectl restart
Ensure this process is documented and approved by the ISSO.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apache_Server_2-4_Unix_Y25M04_STIG.zip
Item Details
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-214283r960963_rule, STIG-ID|AS24-U2-000320, STIG-Legacy|SV-102865, STIG-Legacy|V-92777, Vuln-ID|V-214283
Plugin: Unix
Control ID: cb2d3c19893fb162a4c4422b137e75c1db7647b7811e74a1be2e17a3e0f89511