| AS24-W1-000250 - The Apache web server must only contain services and functions necessary for operation - httpd-manual package | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000250 - The Apache web server must only contain services and functions necessary for operation - SetHandler other | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000260 - The Apache web server must not be a proxy server. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000280 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000330 - The Apache web server must have Web Distributed Authoring (WebDAV) disabled. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | CONFIGURATION MANAGEMENT |
| AS24-W1-000370 - The Apache web server must encrypt passwords during transmission. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | IDENTIFICATION AND AUTHENTICATION |
| AS24-W1-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - Javascript setCookie | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AS24-W1-000530 - The Apache web server must generate unique session identifiers with definable entropy - SSLRandomSeed connect | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WWA026 A22 - The httpd.conf StartServers directive must be set properly. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA000-WWA032 A22 - The httpd.conf MaxClients directive must be set properly. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA000-WWA050 A22 - All interactive programs must be placed in a designated directory with appropriate permissions - conf | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - None | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA000-WWA060 A22 - The HTTP request message body size must be limited. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA000-WWA062 W22 - The HTTP request header fields must be limited. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA060 W22 - A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WA140 W22 - Web server content and configuration files must be part of a routine backup program. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WA155 W22 - Classified web servers will be afforded physical security commensurate with the classification of its content. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WA00500 W22 - Active software modules must be minimized. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA00515 A22 - Automatic directory indexing must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WA00525 A22 - User specific directories must not be globally enabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA00530 A22 - The process ID (PID) file must be properly secured | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WA00547 A22 - The ability to override the access configuration for the OS root directory must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WA00612 A22 - The sites error logs must log the correct format. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WA00615 A22 - System logging must be enabled. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | AUDIT AND ACCOUNTABILITY |
| WG080 W22 - Installation of a compiler on production web server must be prohibited. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WG170 A22 - Each readable web document directory must contain either a default, home, index, or equivalent file. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | |
| WG220 A22 - Web administration tools must be restricted to the web manager and the web manager's designees - AccessConfig | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WG235 A22 - Web Administrators must only use encrypted connections for Document Root directory uploads. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | |
| WG255 A22 - Access to the web server log files must be restricted to administrators, web administrators, and auditors. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WG265 A22 - The required DoD banner page must be displayed to authenticated users accessing a DoD private website. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | ACCESS CONTROL |
| WG270 A22 - The web server's htpasswd files (if present) must reflect proper ownership and permissions | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
| WG280 - The access control files are owned by a privileged web server account - HTACCESS_DIR | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
| WG280 - The access control files are owned by a privileged web server account - HTTPD_CONFIG_DIRECTORY/httpd.conf | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - apache bin/* | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - cgi_bin/* | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - config | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - document root | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - htdocs | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG300 A22 - Web server system files must conform to minimum file permission requirements - logs | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WG330 A22 - A public web server must limit email to outbound only - netstat | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG330 W22 - A public web server must limit e-mail to outbound only. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG360 A22 - Symbolic links must not be used in the web content directory tree - find | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WG385 A22 - All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | CONFIGURATION MANAGEMENT |
| WG385 W22 - All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. - 'httpd-manual' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG440 A22 - Monitoring software must include CGI or equivalent programs in its scope. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
| WG460 A22 - PERL scripts must use the TAINT option. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WG470 W22 - Wscript.exe and Cscript.exe must only be accessible by the SA and/or the web administrator. - 'Wscript.exe' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | |
| WG520 A22 - Web server and/or operating system information must be protected. | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| WG520 W22 - Web server and/or operating system information must be protected. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WG610 A22 - Web sites must utilize ports, protocols, and services according to PPSM guidelines. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | |
