Hi,

Our product uses nginx to front-end inbound web access. To enhance our product's security posture, we have been examining the rules in the DISA Web Server Security Requirements Guide <https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Web_Server_V2R3_SRG.zip>. One of the rules (https://www.stigviewer.com/stig/web_server_security_requirements_guide/2014-11-17/finding/V-41807) states, "The web server must generate unique session identifiers that cannot be reliably reproduced." I searched the nginx documentation, but wasn't able to confirm that unique session identifiers are used.
Are they?

Thanks

tl

Terry Lemons
Data Protection Division
176 South Street, MS 2/B-34
Hopkinton MA 01748
terry.lem...@dell.com
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx