Vulnerability ID V26396, STIG ID WA00565 for HTTP request methods.

Document ID : KB000019300
Last Modified Date : 14/02/2018
Show Technical Document Details


Vulnerability ID V26396, STIG ID WA00565, HTTP request methods must be limited.
For every enabled <Directory> directive (except root), ensure the following entry exists:
Order allow,deny
Deny from all
If the statement is not found inside an enabled <Directory> directive, this is a finding.
Note: If the LimitExcept statement above is operationally limiting. This should be explicitly documented with the Web Manager, at which point this can be considered not a finding.


To resolve this issue, please add the parameters to the $NH_HOME/web/httpd/httpd.tpl file somewhere between the comments which are already present in the file.

Note: Please take a copy of $NH_HOME/web/httpd/httpd.tpl file before making any changes.

# Custom Protect Section
# End Custom Protect Section


# Custom Protect Section

<Location /status>
   AllowOverride None
<LimitExcept GET>
Deny from all
  SetHandler server-status

# End Custom Protect Section

The comments must remain intact