), this is a finding.
If the statement above is found enabled but without the appropriate "LimitExcept" or "Order" statement, this is a finding.
If the statement is not found inside an enabled "Directory" directive, this is a finding.
NOTE: If the "LimitExcept" statement above is operationally limiting, this should be explicitly documented and approved by the ISSO, at which point this can be considered not a finding.
Fix Text (F-99003r1_fix) |
---|
Edit the "httpd.conf" file and add the following entries for every enabled "Directory" directive (except root). Require all denied Example: . . . # Limit HTTP methods Require all denied |