The” –FollowSymLinks” directive is not used on all data directories.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-13732 | WA000-WWA052 | SV-14342r1_rule | Medium |
| Description |
|---|
| Directory options directives are httpd.conf directives that can be applied to further restrict access to file and directories. The server will follow symbolic links in this directory if the FollowSymLinks is permitted. |
| STIG | Date |
|---|---|
| IIS 7.0 Server STIG | 2019-03-22 |
Details
| Check Text ( C-10984r1_chk ) |
|---|
| Locate the Apache httpd.conf file. If you cannot locate the file, you can do a search of the drive to find the location of the file. Open the httpd.conf file with an editor and search for the following directive: Then review the Options statement for the following value: FollowSymLinks If the value is found on an options statement within the Directory directive, and it does not have a "-" preceding it, this is a finding. If the value does not exist, this would be a finding unless the Options statement has the "None" option. Please be sure to check for all occurrences of the Directory directive for the presence of the FollowSymLinks value. If this enabled on any of these, this would be a finding. |
| Fix Text (F-13180r1_fix) |
|---|
| Edit the httpd.conf file and set the value of FollowSymLinks to -FollowSymLinks. |