The web server must provide a clustering capability.

From Web Server Security Requirements Guide

Associated with: CCI-001190

SV-54389r3_rule The web server must provide a clustering capability.

Vulnerability discussion

The web server may host applications that display information that cannot be disrupted, such as information that is time-critical or life-threatening. In these cases, a web server that shuts down or ceases to be accessible when there is a failure is not acceptable. In these types of cases, clustering of web servers is used. Clustering of multiple web servers is a common approach to providing fail-safe application availability. To assure application availability, the web server must provide clustering or some form of failover functionality.

Check content

Review the web server documentation, deployed configuration, and risk analysis documentation to verify that the web server is configured to provide clustering functionality, if the web server is a high-availability web server. If the web server is not a high-availability web server, this finding is NA. If the web server is not configured to provide clustering or some form of failover functionality and the web server is a high-availability server, this is a finding.

Fix text

Configure the web server to provide application failover, or participate in a web cluster that provides failover for high-availability web servers.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.