The web server must only use forward proxies that route HTTP/2 requests upstream.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-264366 | SRG-APP-000439 | SRG-APP-000439-WSR-000196 | SV-264366r984443_rule | 2025-09-10 | 4 |
Description
Without protection of the transmitted information, confidentiality and integrity may be compromised since unprotected communications can be intercepted and read or altered. Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification.
It is crucial that the web server and forward proxy agree about the boundaries between requests. Otherwise, an attacker may be able to send ambiguous and other smuggling attacks to the web server.
ℹ️ Check
If a forward proxy is not used, this is not applicable.
Verify the web server only uses forward proxies that route HTTP/2 requests upstream.
If the web server uses forward proxies that do not only route HTTP/2 requests, this is a finding.
✔️ Fix
Configure the web server to only use forward proxies that route HTTP/2 requests upstream.