From Apache Server 2.4 UNIX Server Security Technical Implementation Guide
Part of SRG-APP-000093-WSR-000053
Associated with: CCI-001084
The HTTP 1.1 protocol supports several request methods that are rarely used and potentially high risk. For example, methods such as PUT and DELETE are rarely used and should be disabled in keeping with the primary security principal of minimize features and options. Also, since the usage of these methods is typically to modify resources on the web server, they should be explicitly disallowed. Normal web server operation will typically require allowing only the GET, HEAD, and POST request methods. This will allow for downloading of web pages and submitting information to web forms. The OPTIONS request method will also be allowed as it is used to request which HTTP request methods are allowed.
Enter the following command:
more <'INSTALLED PATH'>/conf/httpd.conf
For every enabled "Directory" directive (except root), verify the following entry exists:
Order allow,deny
Edit the "httpd.conf" file and add the following entries for every enabled directory except root.
Order allow,deny
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer