UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Directory indexing must be disabled on directories not containing index files.


Overview

Finding ID Version Rule ID IA Controls Severity
V-13735 WA000-WWA058 W22 SV-33006r1_rule ECSC-1 Medium
Description
Directory options directives are directives that can be applied to further restrict access to file and directories. If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory which is not acceptable.
STIG Date
APACHE SERVER 2.2 for Windows 2014-04-03

Details

Check Text ( C-33681r1_chk )
Locate the Apache httpd.conf file.

Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: Options

Review all uncommented Options statements for the following value: -Indexes

If the value is found on the Options statement, and it does not have a preceding “-”, this is a finding. If the value does not exist, this would be a finding unless the enabled Options statement is set to “None”.
Fix Text (F-29307r1_fix)
Add a "-" to the Indexes setting, or set the options directive to None.