07-23-2013 11:52 AM
What would be the use case?
Consulting Systems Engineer - ACCX, ACDX, ACMX
If you found my post helpful, please give kudos
10-16-2015 05:13 AM
Scenario of use case for my situation is to resolve vulnerabilities detected by Rapid7 with regard to "Apache Server mod_info is Publicly Accessible". Specific tip is provided to resolve this:
The configuration file for apache (httpd.conf), reads:
<Location /server-info> SetHandler server-info </Location>
To remove the feature from Apache, rewrite this to:
# comment everything out #<Location /server-info> # SetHandler server-info #</Location>
To keep the feature, adding access control, rewrite it to:
# add access control <Location/server-info> SetHandler server-info Order deny,allow Deny from all Allow from 127.0.0.1 </Location>
10-16-2015 06:37 AM
The httpd.conf files is not configurable on the controller. Please open a TAC case with the details and copies of your findings so that our security team can review. Chances are it's not a true vulnerability, but they can read through the details from your scanner and fill you in on the details.
Sr. Techical Marketing Engineer
10-16-2015 02:03 PM
The mod_info module is not present in the Apache binary in ArubaOS. I think your Rapid7 scanner is broken...
Are you sure it's not being confused by a captive portal redirect?
Jon Green, ACMX, CISSP