Apache Web Server 2.4



  1. The Apache Software Foundation and the Apache HTTP Server Project has announced the release of version 2.4.2 of the Apache HTTP Server (“Apache”). This version of Apache is the second GA release of the new generation 2.4.x branch of Apache HTTPD and represents fifteen years of innovation by the project.
  2. The Apache HTTP Server Project.

At the time of writing, the latest version of Apache server (httpd) available at Apache Lounge is 2.4.7, so that version will be referenced in this guide. If you have a newer version, you should be able to simply substitute it, unless major changes have been made. Step 3 You should now have a zip file named httpd-2.4.7-win32-VC11.zip or similar. The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.3.9 of modfcgid, a FastCGI implementation for Apache HTTP Server versions 2.2 and 2.4. This version of modfcgid is a security release. For information about this module subproject, see the modfcgid module project page. Apache is a remarkable piece of application software. It is the most widely used Web Server application in the world with more than 50% share in the commercial web server market. Apache is the most widely used Web Server application in Unix-like operating systems but can be used on almost all platforms such as Windows, OS X, OS/2, etc.

Checklist Summary:

The Apache Server 2.4 – UNIX Security Technical Implementation Guide (STIG) provides direction on performing an assessment of a server being used in a web server role using Apache Server 2.4. The STIG should be used to improve the security posture of a Department of Defense (DoD) web server and its associated websites.This document is a requirement for all DoD-owned information systems and DoD-controlled information systems operated by a contractor and/or other entity on behalf of the DoD that receive, process, store, display, or transmit DoD information, regardless of classification and/or sensitivity. These requirements are designed to assist Security Managers (SMs), Information System Security Managers (ISSMs), Information System Security Officers (ISSOs), and System Administrators (SAs) with configuring and maintaining security controls. This guidance supports DoD information system design, development, implementation, and certification and accreditation efforts but is restricted to policies and configurations specific to web servers and sites.There are multiple STIG packages for Apache Server 2.4 for UNIX: one for Apache Server 2.4 server-related requirements and one for Apache Server 2.4 website-related requirements. Both STIGs must be applied to an Apache Server 2.4 web server for a particular operating system. The individual packages are:• Apache Server 2.4 – Server – UNIX• Apache Server 2.4 – Site – UNIX

Apache

Checklist Role:

  • Web Server

Known Issues:

Not provided.

Apache web server windows 10

Target Audience:

This document is a requirement for all DoD-owned information systems and DoD-controlled information systems operated by a contractor and/or other entity on behalf of the DoD that receive, process, store, display, or transmit DoD information, regardless of classification and/or sensitivity. These requirements are designed to assist Security Managers (SMs), Information Assurance Managers (IAMs), IAOs, and System Administrators (SAs) with configuring and maintaining security controls. This guidance supports DoD information system design, development, implementation, certification and accreditation efforts, but is restricted to policies and configurations specific to web servers and sites. The roles of the SA and the web administrator or web master are generally understood but, sometimes, these terms are used interchangeably. The SA is responsible for the OS, while the web administrator or web master usually manages the web site or sites. In some cases, the SA is also the web administrator/web master which is why guidance tends to be written in a certain fashion. The application development group should refer to the organization that actually wrote the web application that is hosted on a web site for further guidance, where applicable.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoD Directive 8500.1, DoD Directive 8500.2

Comments/Warnings/Miscellaneous:

Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Disclaimer:

Not provided.

Apache Web Server 2.4

Product Support:

Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Point of Contact:

DISA Field Security Operations (FSO) disa.stig_spt@mail.mil

Sponsor:

Developed by DISA for the DoD

Licensing:

Raytek driver download. Not provided.

Change History:

Dependency/Requirements:

URLDescription

References:

Reference URLDescription

NIST checklist record last modified on 01/27/2021

« Apache HTTP Server.. | Main | Require and friends »

New in httpd 2.4: If, ElseIf, and Else

Over the coming weeks, I'm going to be writing several articles about new features in Apache httpd 2.4. To me the most compelling reason to upgrade to Apache 2.4 today is the <If> directive, so that's where I'll start.

Related documentation:

This is something that people have been asking for since the very first day I was involved in Apache stuff - the ability to insert conditional statements in configuration files. And now that it's here, it's everything we wanted. Even a bit more.

The <If> directive may be used in all contexts (server config, virtual host, directory, .htaccess) and is evaluated at request time to effect the behavior of the server.

Apache Web Server 2.4

Some of the things you might use this directive for, you've been using mod_rewrite for up until now, so one of the side-effects of this directive is that we can reduce our reliance on mod_rewrite's complex syntax for common situations. Over the coming months, more examples will be added to the documentation, and we'll have a recipe section with many of the same sorts of scenarios that are in the mod_rewrite recipe section.

Let's start with a few simple examples so that you can see how it might be used. Consider a case where you have a website, www.wooga.com, and you want to compel people to use the www prefix for all requests. In the distant past, you may have used mod_rewrite for this, but here it is stated more clearly with the If directive:

In plain language, that says 'if the host request header isn't www.wooga.com, redirect the request to www.wooga.com.'

Apache Web Server 2.4 Tutorial

In fact, most of the commonest uses of mod_rewrite can now be replaced with the If directive, making them easier to read, and, therefore, less prone to error, and the redirect looping that so often plagues RewriteRule-based solutions.

For more complex scenarios, there's also <ElseIf> and <Else> directives, so that you can create multi-step if .. elseif .. elseif .. else logic flows in your configuration files.

These directives may be used in any scope - main configuration, virtual hosts, directories, or .htaccess files - and so give you significantly more power for conditional configurations than you ever had before.

The term in the If statement can be any request header ($req) or environment variable ($env), or many other values. Expressions in these comparisons can be fairly complicated, as they can use the new expression syntax which is another major enhancements in httpd 2.4, and an article for another day.

Apache Web Server 2.4.43

Drivers rm education. As with many features that are brand new in 2.4, you can expect more detailed official documentation in the near future, complete with many examples. For now, I'd encourage you to study the expression syntax documentation, and experiment.

Apache Web Server 2.4 End Of Life

Posted at 02:34PM Mar 02, 2012 by rbowen in General | |

Server Apache

Comments are closed for this entry.