WEB_MISC mod_gzip_status access

Code: p1476

Severity: Warning

Description: This event is generated when an attempt is made to ascertain the status of the Apache module mod_gzip on a host.

Impact: Information gathering.

Corrective: Disable the mod_gzip module. Disallow access to mod_gzip_status from sources external to the protected network. Use the Apache directive to disallow access to the mod_gzip status page to the localhost only in the following manner: Order deny,allow Deny from all Allow from localhost