Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Directory indexing must be disabled on directories not containing index files.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-13735 | WA000-WWA058 A22 | SV-32755r1_rule | Medium |
| Description |
|---|
| Directory options directives are directives that can be applied to further restrict access to file and directories. If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory which is not acceptable. |
| STIG | Date |
|---|---|
| APACHE 2.2 Server for UNIX Security Technical Implementation Guide | 2019-01-07 |
Details
| Check Text ( C-33617r1_chk ) |
|---|
| To view the Indexes value enter the following command: grep "Indexes" /usr/local/apache2/conf/httpd.conf. Review all uncommented Options statements for the following value: -Indexes If the value is found on the Options statement, and it does not have a preceding ‘-‘, this is a finding. Notes: - If the value does NOT exist, this is a finding. - If all enabled Options statement are set to None this is not a finding. |
| Fix Text (F-29248r1_fix) |
|---|
| Edit the httpd.conf file and add an "-" to the Indexes setting, or set the options directive to None. |