From APACHE 2.2 Server for Windows Security Technical Implementation Guide
Part of WA00535
The ScoreBoardFile directive sets a file path which the server will use for Inter-Process Communication (IPC) among the Apache processes. If the directive is specified, then Apache will use the configured file for the inter-process communication. Therefore if it is specified it needs to be located in a secure directory. If the ScoreBoard file is placed in openly writable directory, other accounts could create a denial of service attack and prevent the server from starting by creating a file with the same name, and or users could monitor and disrupt the communication between the processes by reading and writing to the file.
Locate the Apache httpd.conf file. Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: ScoreBoardFile If the ScoreBoardFile directive is found uncommented note the directory specified in the directive statement that holds the Scoreboard file. If the ScoreBoardFile directive is not found enabled in the conf file use \logs as the directory containing the Scoreboard file. If any users other than administrator or the account used to run the web server has permission to the scoreboard file directory, this is a finding. If the ScoreBoard file is located in the web server document root this is finding.
Modify the location and/or permissions for the ScoreBoard file and/or folder.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer