I am new to the UNIX Sys Admin arena.
I currently had my vulnerability scan, and turned up an Apache HTTP Reverse Proxy / Rewrite Rule vulnerability. ( at least I'm assuming thatis what the issue is, and the solution is to install package CVE-2011-4317 ) But, I am not able to find this package.
So, I've been doing some research, and have found some discussions referencing the disabling of reverse proxy and / or rewrite rule.
I have verified that my ' httpd.conf ' file has the correct configuration:
RewriteRule ^(.*) http://IP_address/$1 <----- the insertion of the ' / '
ProxyPassMatch ^(.*) http://IP_address/$1 <---- the insertion of the ' / '
However, my ' httpd.conf ' file has neither of these two lines. It does reference several RewriteRule lines that look like the following:
RewriteRule ^.*$ - [G,L}
I'm sure I missed something, probably the correct ' .conf ' file, but not sure where that would be located.
Could someone give me guidance or direction as tohow to resolve this issue? I will be greatful for any assistance from the community.