| AS24-W1-000010 - The Apache web server must limit the number of allowed simultaneous session requests. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | ACCESS CONTROL |
| AS24-W1-000020 - The Apache web server must perform server-side session management - session_module | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |
| AS24-W1-000020 - The Apache web server must perform server-side session management - usertrack_module | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |
| AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_module | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocol | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000160 - The Apache web server must use a logging mechanism that is configured to alert the (ISSO) and System Administrator (SA) in the event of a processing failure. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000200 - The log information from the Apache web server must be protected from unauthorized deletion and modification. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000200 - The log information from the Apache web server must be protected from unauthorized deletion and modification. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000210 - The log data and records from the Apache web server must be backed up onto a different system or media. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000240 - The Apache web server must not perform user management for hosted applications. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000250 - The Apache web server must only contain services and functions necessary for operation - conf/extra/proxy-html.conf | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000250 - The Apache web server must only contain services and functions necessary for operation - SetHandler server-status | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000250 - The Apache web server must only contain services and functions necessary for operation - Welcome page | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000270 - The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000280 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000330 - The Apache web server must have Web Distributed Authoring (WebDAV) disabled. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000360 - The Apache web server must be configured to use a specified IP address and port - Zero IPs Only | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000460 - The Apache web server must invalidate session identifiers upon hosted application user logout or other session termination. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000480 - The Apache web server must accept only system-generated session identifiers. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - SSLRandomSeed startup | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000700 - An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point - ProxyPass | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000730 - The Apache web server must be configurable to integrate with an organizations security infrastructure. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000800 - The Apache web server must only accept client certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs). | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA230 W22 - The site software used with the web server must have all applicable security patches applied and documented. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WA00505 W22 - Web Distributed Authoring and Versioning (WebDAV) must be disabled. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA00530 W22 - The process ID (PID) file must be properly secured. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WA00535 W22 - The ScoreBoard file must be properly secured. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WA00540 W22 - The web server must be configured to explicitly deny access to the OS root. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA00547 W22 - The ability to override the access configuration for the OS root directory must be disabled. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA00555 W22 - The web server must be configured to listen on a specific IP address and port. - '[::ffff:0.0.0.0]:80' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA00612 W22 - The sites error logs must log the correct format. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | AUDIT AND ACCOUNTABILITY |
| WA00615 A22 - System logging must be enabled. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WG040 W22 - Public web server resources must not be shared with private assets. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WG200 W22 - Administrators must be the only users allowed access to the directory tree, the shell, or other operating system functions and utilities. - 'System32\dllcache\cmd.exe' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WG210 A22 - Web content directories must not be anonymously shared. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | ACCESS CONTROL |
| WG265 W22 - The required DoD banner page must be displayed to authenticated users accessing a DoD private website. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | ACCESS CONTROL |
| WG290 W22 - The web client account access to the content and scripts directories must be limited to read and execute. - 'ScriptAlias' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | |
| WG290 W22 - The web client account access to the content and scripts directories must be limited to read and execute. - 'ScriptAliasMatch' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | |
| WG300 W22 - Web server system files must conform to minimum file permission requirements. - 'bin' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG345 W22 - The web server must remove all export ciphers from the cipher suite. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG355 W22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WG360 A22 - Symbolic links must not be used in the web content directory tree - conf | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WG385 W22 - All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. - 'extra' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG385 W22 - All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. - 'printenv' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG430 A22 - Anonymous FTP user access to interactive scripts is prohibited. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | |
| WG430 W22 - Anonymous FTP user access to interactive scripts must be prohibited. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | |
| WG490 W22 - Java software on production web servers must be limited to class files and the JAVA virtual machine. - 'ScriptAlias - *.java' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG490 W22 - Java software on production web servers must be limited to class files and the JAVA virtual machine. - 'ScriptAlias - *.jpp' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
