From Apache Server 2.4 UNIX Server Security Technical Implementation Guide
Part of SRG-APP-000141-WSR-000085
Associated with: CCI-000381
A web server can be installed with functionality that, by its nature, is not secure. WebDAV is an extension to the HTTP protocol that, when developed, was meant to allow users to create, change, and move documents on a server, typically a web server or web share. Allowing this functionality, development, and deployment is much easier for web authors.
In a command line, run "httpd -M | sort" to view a list of installed modules. If any of the following modules are present, this is a finding: dav_module dav_fs_module dav_lock_module
Determine where the "dav" modules are located by running the following command: grep -rl "dav_module" <'INSTALL PATH'> Edit the file and comment out the following modules: dav_module dav_fs_module dav_lock_module Restart Apache: apachectl restart
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer